1

I'm trying to decrypt it in Xcode with AES-Crypt-ObjC. I've tried really everything: different libraries and so on.

Something goes wrong, but I don't know what. Please help...

UPDATE (another opinion): Now I try this:

```php
function mc_encrypt($encrypt, $key = "12345678901234567890123456789012")
{
    $encrypt = "Affe";
    $iv2 = '';
    for ($i = 0; $i < 16; $i++) { $iv2 .= "\0"; }

    $ciphertext = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, ($encrypt), MCRYPT_MODE_CBC, $iv2);
    $encode = base64_encode($ciphertext);

    return $encode;
}
```

In Obj-C I also use the same framework (still, the IV is now nil).

...still nothing works...

And some Obj-C code (note: `[request responseString]` is the string that comes from above):

```objc
NSString *key = @"12345678901234561234567890123456";
NSLog(@"decrypted: %@", [AESCrypt decrypt:[request responseString] password:key]);
```

The output is sometimes nothing, sometimes null.

kurtanamo
  • No, I think the base64_encode value has to be the same. – kurtanamo Oct 08 '12 at 23:31
  • Why are you encrypting with MCRYPT_RIJNDAEL_128 (128 bits) on one side and 256 bits on the other end? – fvu Oct 08 '12 at 23:31
  • I tried so much that I'm now confused. I've tried so many libraries, most of them. I read anything about sizes 128 and 256, and in any situation it has to be the same (or something like that)... Which library should I use? – kurtanamo Oct 08 '12 at 23:34
  • Start with this SO question's accepted answer, it contains some pointers regarding the interoperability of PHP and iOS encryption: http://stackoverflow.com/questions/4455104/aes256-string-encryption-on-php-and-decryption-on-iphone?rq=1 – fvu Oct 08 '12 at 23:38
  • I've seen this already; there is MCRYPT_MODE_ECB but I need CBC. No problem, I will try this now. – kurtanamo Oct 08 '12 at 23:40
  • I need the rijndael_128 for this. So I have tried so much, never get the same code in both... but I will read the text in your link again, again and again. Will see. – kurtanamo Oct 08 '12 at 23:43
  • First try and get the bytes of the IV and the key print out the same *in hexadecimals*. Currently we cannot compare the iOS code with the PHP code. – Maarten Bodewes Oct 09 '12 at 00:08
  • @swarley AES-Crypt-ObjC says `AESCrypt uses the AES-**256**-CBC cipher and encodes the encrypted data with base64.` not 128, or am I missing something here? – fvu Oct 09 '12 at 00:17
  • @fvu From my reading of the source code, it uses a key length dependent on the length of the input. – tc. Oct 12 '12 at 22:15

1 Answer

2

For most systems, encryption should be non-deterministic — encrypting the same plaintext twice should almost never give the same ciphertext. Why? Let's say you send "attack at dawn" at midnight on day 0 to your accomplice, the attack fails (but you get away unharmed), and at midnight on day 1 you send "attack at dawn" again...

Apart from that, let me count the ways:

  • You haven't shown any ObjC code, so it's difficult to tell what's going wrong there.
  • Your PHP code uses, oddly, a 26-character "key". It should be 16 bytes for AES-128. I don't know how PHP's mcrypt handles overlong keys; the ObjC code adds zero-padding in FixKeyLengths().
  • Both the PHP (as you've shown it) and ObjC code (by default) use fixed IVs. Very bad.
    • They use different IVs, which is probably why you get different answers.

FWIW, I've seen that (or similar) ObjC code all over the place. I can't un-recommend it enough; it really isn't suitable for general usage.

Just Use HTTPS.

tc.
  • Hi, first of all: I use the same IV. At the moment it's only a test; later, if all works, it will be a randomized IV. In the Obj-C code it is the same IV (I have changed it to the same IV as in the PHP code). – kurtanamo Oct 09 '12 at 06:57
  • Thanks, but I don't want to use HTTPS. I need a resolution for AES256. – kurtanamo Oct 09 '12 at 08:42
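
The check suggested in the comments (compare the key bytes in hexadecimal) and the answer's point about fixed IVs, as an added Node.js example that is not code from the question, the answer, or AES-Crypt-ObjC. It hex-dumps the two key strings quoted in the question, reports where they diverge, and encrypts with a fresh random IV; the function names and the base64(IV || ciphertext) layout are assumptions made for this example.

```javascript
// Added example: Node.js built-in crypto only. Function names and the
// base64(IV || ciphertext) message layout are assumptions of this example.
const nodeCrypto = require('node:crypto');

// Key strings exactly as quoted in the question (PHP side, Obj-C side).
const PHP_KEY = Buffer.from('12345678901234567890123456789012', 'ascii');
const OBJC_KEY = Buffer.from('12345678901234561234567890123456', 'ascii');

// Index of the first byte where two buffers differ, or -1 if they are equal.
function firstDifference(a, b) {
  const n = Math.max(a.length, b.length);
  for (let i = 0; i < n; i++) {
    if (a[i] !== b[i]) return i;
  }
  return -1;
}

// AES-256-CBC with PKCS#7 padding and a fresh random IV for every message.
function encrypt(plaintext, key) {
  const iv = nodeCrypto.randomBytes(16);
  const cipher = nodeCrypto.createCipheriv('aes-256-cbc', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, body]).toString('base64');
}

// Returns the plaintext, or null when the padding check fails. CBC has no
// integrity check, so a wrong key usually (not always) ends up here.
function decrypt(message, key) {
  const raw = Buffer.from(message, 'base64');
  const decipher = nodeCrypto.createDecipheriv('aes-256-cbc', key, raw.subarray(0, 16));
  try {
    const body = Buffer.concat([decipher.update(raw.subarray(16)), decipher.final()]);
    return body.toString('utf8');
  } catch (err) {
    return null;
  }
}

// Compare both sides byte for byte before looking at any ciphertext.
console.log('PHP key  :', PHP_KEY.toString('hex'));
console.log('Obj-C key:', OBJC_KEY.toString('hex'));
console.log('first differing byte index:', firstDifference(PHP_KEY, OBJC_KEY));

const message = encrypt('Affe', PHP_KEY); // sample plaintext taken from the question
console.log('same key :', decrypt(message, PHP_KEY));
console.log('other key:', decrypt(message, OBJC_KEY));
```

The two quoted keys share their first 16 bytes and differ from byte 16 onward, so ciphertext produced with one cannot be recovered with the other, whatever the IV.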