4

I am building a Monotouch application which downloads data from the server encrypted using AES. I then need to decrypt this data when the file is accessed.

What is the best way for doing this using MonoTouch? iOS AES decryption is apparently hardware accelerated and so I would ideally like to call into CCCrypt. I am a bit of a n00b to MonoTouch so does anyone know how to do this?

Or alternatively is there a better approach to doing AES decryption in MonoTouch?

Community
  • 1
  • 1
James Hollingworth
  • 14,040
  • 12
  • 39
  • 57

2 Answers2

6

MonoTouch provides AES support inside it's class library, e.g. the RijndaelManaged class.

However you need to know a bit more about how it was encrypted (cipher mode, padding mode, key size) to be able to decrypt a file. Also depending on the file size you might want to decrypt it in memory (safer) if it's small or to a temporary file (if large).

Notes:

  • Rijndael is the original name of the algorithm that got selected to be AES;

  • AES is a subset of Rijndael (only one block size, 128 bits) so you can do everything AES supports using RijndaelManaged;

  • At the moment MonoTouch does not use CommonCrypto (it uses the managed implementation from Mono) so you won't get hardware acceleration. This will likely change in future releases (and will be compatible, i.e. simply re-compile, for people who used RijndaelManaged in their applications).

EDIT

MonoTouch 5.3.3 (alpha) now default to use CommonCrypto implementations, including hardware acceleration (when available) for AES and SHA1.

poupou
  • 43,413
  • 6
  • 77
  • 174
  • 1
    I don't know the difference between hw acceleration and the managed implementation, but current CPU's are fast enough to make the non-accelerated method pretty speedy. The AES accelerator of Intel CPU's e.g. is only twice as fast as the fast software implementations in C++. Any I/O, and that will be the bottleneck. – Maarten Bodewes Mar 22 '12 at 21:17
  • @owlstead The difference is often larger on smaller devices (it's not only faster, it offload the main CPU) but I agree that I/O often hides the speed increase. I blogged about (a different ARM device using `/dev/crypto`) here: http://spouliot.wordpress.com/2012/02/27/cryptodev-support-in-crimson/ and the biggest win was using large blocks (i.e. avoid calls and transitions). – poupou Mar 22 '12 at 21:23
  • Yeah, about three times as fast, that suits my expectations for ARM devices. The offload may be the biggest advantage, though the memory hit will be the same, and of course offloading only works when the CPU has other significant work to do. – Maarten Bodewes Mar 22 '12 at 21:33
0

If you are interested in encrypting data at rest (i.e. a database) under MonoTouch SQLCipher might be a good option (http://sqlcipher.net). The MonoTouch provider for SQLCipher provides SQLite full database encryption using AES-256 (http://sqlcipher.net/sqlcipher-for-monotouch). There is also a companion library for Mono on Android, which provides the same API and features for android (http://sqlcipher.net/sqlcipher-on-mono-for-android)

Disclosure: I work for Zetetic, the author of SQLCipher.

Stephen Lombardo
  • 1,503
  • 8
  • 7