
Hi everyone, I'm working with symmetric encryption in my app to encrypt messages that users send to each other. Now I'm trying to create a fairly secure key to decrypt this data (the decryption key) using an NSMutableData. Currently I have two questions:

  1. Is a 256-bit key for decryption safe enough?

  2. I have some problems with NSString. When I want to retrieve the string value of the NSMutableData, my NSLog always returns a null value.

Where am I going wrong?

NSMutableData *masterKey = [NSMutableData dataWithLength:32];
int result = SecRandomCopyBytes(kSecRandomDefault, 32, masterKey.mutableBytes);
if (result != noErr) {
    NSLog(FAILED_MASTERKEY);   // FAILED_MASTERKEY: format-string constant defined elsewhere in the app
    return;
}
// 32 random bytes are not valid UTF-32 text, so this decode yields nil (logged as "(null)")
NSLog(@"MASTER %@", [[NSString alloc] initWithData:masterKey encoding:NSUTF32StringEncoding]);

2018-11-28 16:06:31.803868+0100 [41860:9341804] MASTER (null)
kAiN
  • Which cryptographic algorithm, in which mode, are you using? The code you show doesn't contain any crypto code, only [SecRandomCopyBytes](https://developer.apple.com/documentation/security/1399291-secrandomcopybytes), which `Generates an array of cryptographically secure random bytes.` Also, you have two questions that are not really related. – kelalaka Nov 28 '18 at 15:27
  • @kelalaka For cryptography I'm using Themis, an open source library https://github.com/cossacklabs/themis/wiki/Objective-C-Howto .. This key is used for symmetric encryption for now.. How could I be clearer in my question? The fundamental problem is that I'm going to encrypt this 256-bit key and then use it later as a decryption key for other data ...I'm sorry if I was not clear enough ... sometimes it's not easy to give a perfect explanation :( – kAiN Nov 28 '18 at 15:29
  • @Rob creating a random string with [[NSProcessInfo processInfo] globallyUniqueString] + base64 encoded + perceptual escape would be just as safe? – kAiN Nov 28 '18 at 15:39
  • But which algorithms – kelalaka Nov 28 '18 at 15:40
  • @kelalaka EC algorithms – kAiN Nov 28 '18 at 15:43
  • I'd suggest you split this into two separate questions. I've answered the "how do I create a string representation of an arbitrary binary value", as suggested by this question's title, below. But the encryption questions seem like a completely different issue. – Rob Nov 28 '18 at 15:44
  • Re `globallyUniqueString`, that would appear to ensure uniqueness, but I see nothing to suggest cryptographically robust randomness. I'd stick with cryptographic functions. – Rob Nov 28 '18 at 15:46
  • When you post your separate crypto question, I'd suggest you step back and give a broader context. This whole notion of generating a single encryption key seems suspect, introducing the problem of how you share it between the various devices. I would have expected that you'd want to generate key pairs on each device and exchange public keys or something like that. – Rob Nov 28 '18 at 15:54
  • @Rob Yes, in fact my encryption will be asymmetric, with a public key and a private key for each user ... I am using a master key that serves as an encryption key to decrypt the private key of the user .. The master key will be inside the Keychain .. That's why I was working on a solid key .. – kAiN Nov 28 '18 at 15:57
  • You cannot just take some random data and say that's an EC encryption key, that's not how it works. You need to look into the `SecKeyGeneratePair` function from the `CommonCrypto` native framework, or find a good library for that. – mag_zbc Nov 28 '18 at 16:29

1 Answer


You cannot create an NSString directly from arbitrary binary data. Alternatives range from displaying a hexadecimal representation (e.g. from the description method) to using some other text representation of binary data (e.g. base-64). But you can't just pass random binary data to -[NSString initWithData:encoding:].

NSLog(@"Hex:     %@", [masterKey description]);
NSLog(@"Hex:     %@", masterKey);                                   // directly logging the `NSData` will also use its `description`
NSLog(@"Base 64: %@", [masterKey base64EncodedStringWithOptions:0]);

The common technique for exchanging binary data via web services is base-64. But if the intent was merely to log the value so that you could see that, indeed, a value was generated, then just logging its description is simplest.

Rob
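A complete, added example (not code from the question or the answer) that ties the two threads together: it generates the 32-byte key exactly as in the question, shows that decoding those bytes as UTF-32 text yields nil, and renders them as hex and base-64 instead. The helper names `generateKey` and `hexString` are my own; `hexString` is used rather than `-description` because the format of `-description` is not a documented contract, while the hex and base-64 forms round-trip back to the original bytes.

```objectivec
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Fill `length` bytes from the system CSPRNG (same call as in the question); nil on failure.
static NSData *generateKey(NSUInteger length) {
    NSMutableData *key = [NSMutableData dataWithLength:length];
    int status = SecRandomCopyBytes(kSecRandomDefault, length, key.mutableBytes);
    return (status == errSecSuccess) ? [key copy] : nil;
}

// Lowercase hex encoding of arbitrary bytes; unlike -description, its output format is ours.
static NSString *hexString(NSData *data) {
    const unsigned char *bytes = data.bytes;
    NSMutableString *hex = [NSMutableString stringWithCapacity:data.length * 2];
    for (NSUInteger i = 0; i < data.length; i++) {
        [hex appendFormat:@"%02x", bytes[i]];
    }
    return hex;
}

int main(void) {
    @autoreleasepool {
        NSData *key = generateKey(32);   // 256-bit key, as in the question
        if (!key) {
            NSLog(@"SecRandomCopyBytes failed");
            return 1;
        }

        // Random bytes are almost never valid UTF-32 text, so this is the "(null)" the question saw.
        NSString *asText = [[NSString alloc] initWithData:key encoding:NSUTF32StringEncoding];
        NSLog(@"As UTF-32 text: %@", asText);

        // Text representations that work for any byte value.
        NSString *hex = hexString(key);
        NSString *b64 = [key base64EncodedStringWithOptions:0];
        NSLog(@"Hex:    %@ (%lu chars)", hex, (unsigned long)hex.length);   // 64 hex chars
        NSLog(@"Base64: %@ (%lu chars)", b64, (unsigned long)b64.length);   // 44 chars incl. padding

        // base-64 is reversible, so the logged/stored form can be turned back into the key bytes.
        NSData *decoded = [[NSData alloc] initWithBase64EncodedString:b64 options:0];
        NSCAssert([decoded isEqualToData:key], @"base-64 round trip must reproduce the key");
    }
    return 0;
}
```

Build with `clang -framework Foundation -framework Security example.m -o example` on macOS; the hex form is convenient for logs, the base-64 form for transport, and neither should be used as a substitute for storing the key in the Keychain.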