1

A colleague provided me two text files he encrypted using GNUPG, AES128/AES256 with no salt.

Using the following example, https://stackoverflow.com/a/1400596/300972, I tried to decrypt both files in an iOS application, one using the AES256 example, the second by modifying the algo to kCCAlgorithmAES128 and keysize to kCCKeySizeAES128.

Loading the files to an NSData object proved successful; I am able to output the NSData. However, on decrypt they always fail with kCCDecodeError (-4304). I thought it may be the padding, so we tried different variations, the original being kCCOptionPKCS7Padding, still the same error. I tried a padding of 0, which provides a truncated NSData object which I cannot create an NSString from. (UTF8 encoded).

Has anyone been successfully able to decrypt a file encrypted using GNUPG in an iOS environment? Can you provide us with lessons learned?

Community
  • 1
  • 1
Oh Danny Boy
  • 4,857
  • 8
  • 56
  • 88

2 Answers2

3

GnuPG writes in the OpenPGP file format (RFC-4880). This is a fairly complicated format and you would need to parse it before you can even begin to decrypt the data. GnuPG also compresses the data before it encrypts it. And it uses "OpenPGP's variant of Cipher Feedback (CFB) mode." While iOS 5 supports CFB, this isn't quite the same as RFC-4880. For instance, they don't use a normal IV, and they synchronize in a novel way to provide a "quick check" that is incompatible with standard CFB. Then there's their String-to-Key (S2K) algorithms, which are not the same as PBKDF2.

In short, CommonCryptor is the last in a long series of steps of tearing this down to something to hand to AES. You could look at libgcrypt, but its LGPL license is generally incompatible with iOS development. You should probably investigate other OpenPGP implementations. I know there are some in JavaScript (which is crazy, but could still work without creating licensing headaches). Maybe Cryptlib (which has a commercial license).

Personally, I'd go with some other encryptor if you can. OpenSSL, while not particularly secure, is very portable, and as easy to use as a commandline app. RNCryptor can read and write it on iOS.

Community
  • 1
  • 1
Rob Napier
  • 286,113
  • 34
  • 456
  • 610
  • Thank you for taking the time to answer. We will rethink our approach. – Oh Danny Boy Aug 15 '12 at 13:52
  • Came back to this question, saw your profile. Just wanted to say I love the book iOS5 Programming, Pushing the limits! I have a copy right here on my desk. Thanks again for your help! – Oh Danny Boy Aug 30 '12 at 19:14
  • 1
    If licensing is a concern, you may want to look into [NetPGP](http://www.netpgp.com). – Draxillion Jan 06 '13 at 06:45
1

You can check ObjectivePGP framework.

Marcin
  • 3,694
  • 5
  • 32
  • 52