3

When I try to decrypt a cipher text using the wrong key, CCCrypt returns kCCDecodeError.

Question is, does it do so reliably (eg. am I guaranteed that if it returns success, my input key was the key used to encrypt the plain text, and am I also guaranteed that my output data is my original plain text) and how can it even know whether my key is correct or not?

As far as I understood crypto, the engine cannot predict whether the key is valid and should just give me random noise as output data and a successful return code.

lhunath
  • 120,288
  • 16
  • 68
  • 77

1 Answers1

1

If you specified PCKS7 padding (kCCOptionPKCS7Padding) then it can tell if you failed to decrypt it properly - most of the time. There is a chance that the random result of the wrong key could cause the last bits of the message to look like valid PKCS7 padding.

The only other thing it can detect is if your key is not a valid length at all.

Nate Petersen
  • 888
  • 8
  • 11
  • So how am I supposed to know that my decrypt was successful or failed? – Kyle Jurick Dec 30 '14 at 20:19
  • @KyleJurick I would recommend that your plaintext data be in some sort of of format that can be validated. Like XML, for example. More generally speaking, I guess you can tell it didn't work if the data you got out of it is not useful. – Nate Petersen Feb 12 '15 at 17:53