5

I am using the CCCrypt method.

Can I use a longer key than 128 bits? Can it be arbitrarily long? Or perhaps multiples of 128?

If so, how would I do this?

I didn't think this was possible but I found this text: here

Some algorithms such as AES and RSA allow for keys of different lengths, but others are fixed, such as DES and 3DES. Encryption using a longer key generally implies a stronger resistance to message recovery. As usual, there is a trade off between security and time, so choose the key length appropriately.

How does AES allow for different lengths? Does it ignore the bits higher than 128?

I'm pulling my hair out over this.

Cœur
Robert

2 Answers

7

AES (the Advanced Encryption Standard) is actually a collection of three related block cipher algorithms (or pairs of algorithms, if one counts encryption and decryption individually). They all work on 128-bit blocks (16 bytes).

The most commonly used one is AES-128, which takes a 128-bit key (i.e. 16 bytes). AES-192 takes a 192-bit key (24 bytes), AES-256 takes a 256-bit key (32 bytes).

These three algorithms work in similar, but still different ways (and the ones for longer keys take a bit longer, since they do more "rounds" of the internal confusion operation, so all bits of the keys can somehow influence all bits of the ciphertext). Thus all these keys for all these algorithms encrypt and decrypt differently (i.e. there is no AES-256 key which does the same thing as an AES-128 key).

That said, I unfortunately have no idea whether the CommonCrypto library supports all variants of AES, and if so (which I suppose), how to select the right one.

Paŭlo Ebermann
  • I know this is old, but for anyone else looking, I am using CommonCrypto for AES128 with 256 byte keys and have used 128 byte keys as well. So I presume 192 byte keys would work also. – slycrel Aug 05 '13 at 20:20
  • 1
    @slycrel I don't know what you did (or what the CommonCrypto-API does), but AES-128 takes only 128-bit keys. The version with 256-bit keys is named AES-256, the version with 192-bit-keys is named AES-192. – Paŭlo Ebermann Aug 07 '13 at 07:23
  • Maybe I'm misunderstanding something, or mis-stating... I thought AES was always 128 bits, with differing key sizes. Not my original source, but this is a good write-up on this: http://blog.agilebits.com/2013/03/09/guess-why-were-moving-to-256-bit-aes-keys/ So probably just a terminology thing. If so, my apologies. – slycrel Aug 07 '13 at 17:09
  • The block size of AES is always 128 bits, that is why this number is not part of the name. The number in the name is the key size. – Paŭlo Ebermann Apr 20 '17 at 20:05
5

Paulo's explanation is excellent! And much better than the Apple documentation on the subject ;-)

Now to put this knowledge in an iOS context... you need to know that cccrypt (as it's named in the man pages) is often named CommonCrypto (which can facilitate your searches) elsewhere in the web site.

Yet you won't find much until you realize this part is open source software and really lacks documentation.

But once you find this you can search through the source code to find CommonCrypto.h and discover the enums you can use, which include: kCCKeySizeAES128, kCCKeySizeAES192 and kCCKeySizeAES256 - so YES, you can use 256-bit keys with AES on iOS.

Thomas Pornin
poupou
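
The point both answers make, as an added Objective-C example (not code from the answers or from Apple): CCCrypt is called with kCCAlgorithmAES128, which names the 128-bit block size, and the key length passed in selects AES-128, AES-192 or AES-256. AESCrypt and RandomBytes are hypothetical helper names, and the plaintext and the 20-byte key size are constructed for illustration.

```objc
#import <Foundation/Foundation.h>
#import <CommonCrypto/CommonCryptor.h>
#import <Security/Security.h>

// Hypothetical helper: AES-CBC with PKCS#7 padding. The AES variant is chosen
// solely by key.length; kCCAlgorithmAES128 only names the 128-bit block size.
static NSData *AESCrypt(CCOperation op, NSData *key, NSData *iv, NSData *input) {
    // Accept exactly 16, 24 or 32 bytes; a key is never truncated or padded here.
    if (key.length != kCCKeySizeAES128 && key.length != kCCKeySizeAES192 &&
        key.length != kCCKeySizeAES256) {
        return nil;
    }
    if (iv.length != kCCBlockSizeAES128) return nil;  // IV is one block, whatever the key size

    // Padding can add up to one extra block on encryption.
    NSMutableData *out = [NSMutableData dataWithLength:input.length + kCCBlockSizeAES128];
    size_t moved = 0;
    CCCryptorStatus st = CCCrypt(op, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
                                 key.bytes, key.length, iv.bytes,
                                 input.bytes, input.length,
                                 out.mutableBytes, out.length, &moved);
    if (st != kCCSuccess) return nil;
    out.length = moved;  // trim to the bytes actually written
    return out;
}

// Hypothetical helper: n bytes from the system CSPRNG, or nil on failure.
static NSData *RandomBytes(size_t n) {
    NSMutableData *d = [NSMutableData dataWithLength:n];
    return SecRandomCopyBytes(kSecRandomDefault, n, d.mutableBytes) == errSecSuccess ? d : nil;
}

int main(void) {
    @autoreleasepool {
        NSData *msg = [@"constructed sample plaintext" dataUsingEncoding:NSUTF8StringEncoding];
        NSData *iv = RandomBytes(kCCBlockSizeAES128);
        // Three valid key sizes plus one constructed invalid size (20 bytes).
        size_t sizes[] = { kCCKeySizeAES128, kCCKeySizeAES192, kCCKeySizeAES256, 20 };
        for (size_t i = 0; i < 4; i++) {
            NSData *key = RandomBytes(sizes[i]);
            NSData *ct = AESCrypt(kCCEncrypt, key, iv, msg);
            NSData *pt = ct ? AESCrypt(kCCDecrypt, key, iv, ct) : nil;
            NSLog(@"%zu-byte key: %@", sizes[i],
                  ct == nil ? @"rejected" : ([pt isEqual:msg] ? @"round trip ok" : @"mismatch"));
        }
    }
    return 0;
}
```

Build on macOS with `clang -fobjc-arc -framework Foundation -framework Security`. CBC as used here provides confidentiality only, so a real message format also needs an integrity check such as an HMAC over the IV and ciphertext.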