4

I am trying to encrypt an NSString to both NSString and NSData in Objective-C and so I began a search.

I started off here, but that went way over my head, unfortunately.

I then found myself at this post and it came across to be very easy to follow, so I went along and tried to figure out the implementation. After looking over the implementation, I saw the second answer in the post and saw he had more adaptable implementations, which brought me to his gist. As per the gist readme, he "took down this Gist due to concerns about the security of the encryption/decryption". That leads me to believe that the security of the implementation from above has security flaws as well.

From that gist, however, he mentioned another alternative that I could use for encryption. After taking a look at the code, I noticed that it generates NSData with "a header, encryption salt, HMAC salt, IV, ciphertext, and HMAC". I know how to handle that to decode using the same library again, but how would I pass this off to a server guy, given that I don't quite know what I'm sending to him?

At the root of it all, I'm in over my head. Given what I said above and knowing that I don't have the time to take on a lot of learning for this, unless it is absolutely necessary, how should I best handle going about this encoding/decoding process, given a private key with the end goal of shipping it off to a server that is not designed by me? (How's that for a run-on sentence!)

RileyE

1 Answer

3

Maybe you should ask the server guy? Whenever you have encryption between two parties you have to have some kind of agreement on the format of that data. The raw primitives don't handle that alone, not to mention it's easy to mess things up security-wise dealing with just the primitives, and the desire to just send the AES ciphertext alone is going to cause mistakes.

RNCryptor, which you mention, is a high-level encryption library; it defines a simple format that others would have to conform to. It's simple, thus helps going cross-platform, but it has that extra that you need to do AES properly. There are other libraries like that too (NaCl, GPGME, and Keyczar) that are not as simple in format, but simple in usage, so you'd need to be able to use the library on both ends, but I'd highly recommend that you use something like that, if you can, rather than rolling your own.

Keyczar specifically exists for Java, Python, C++, C# and Go, so if you can use the C++ version on iOS (or Mac, whichever you are targeting on the client) you might be good on the server as there are several choices.

jbtule
  • I was hoping to find the easiest solution for my side as the person doing the server side is pretty much a security guru. I came to SO for this because he isn't aware of what is out there for iOS and also a pride thing (I would prefer to seem competent, rather than useless in this situation). However, what do you mean by `"it has that extra that you need to do AES properly"`? – RileyE Feb 13 '13 at 18:54
  • 2
    @RileyE It has a format that includes a random initialization vector, a random salt (optional, required only if you are using a password instead of a randomly generated key) and adds an HMAC tag to make sure the IV, salt, and ciphertext aren't modified. Modification of the ciphertext is key to many side channel attacks against AES. – jbtule Feb 13 '13 at 19:01
  • 1
    @RileyE, Also I think RNCryptor is the easiest solution on your side BTW. – jbtule Feb 13 '13 at 19:04
  • Oh! That's what you meant by the extra. That's all amazing information! Thank you! And I probably will end up using RNCryptor, since I think I get it a lot better now after doing some more reading. Thanks! – RileyE Feb 13 '13 at 19:09
  • Actually, could you make a comment on why the simple implementation was taken down due to security reasons? Was it because of the ciphertext modification you were talking about, that is prevented by the hmac tag in RNCryptor? – RileyE Feb 13 '13 at 19:10
  • Well, looking at the revision history, and scanning the code, the first thing I saw was an argument passed in as `, NULL /* initialization vector (optional) */,`. Initialization vectors are NOT optional, and that code had hard-coded it to null. It was probably one of many issues, but that issue is particularly severe. – jbtule Feb 13 '13 at 19:17
  • And we're back to over my head, so I will stick to trusting you and learning a bit more about it before going forward. Again, thanks! – RileyE Feb 13 '13 at 19:21
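
An added example, not part of the original question or answer and not RNCryptor's own code: how a server could split a message laid out as header, encryption salt, HMAC salt, IV, ciphertext and HMAC, and reject it if the tag does not match before any decryption is attempted. The field sizes, the PBKDF2 parameters, the version/options values and all function names are assumptions made for this example; confirm them against the format specification of the library actually in use.

```python
import hashlib
import hmac
import os
import struct

# Assumed layout for this example (confirm against the library's spec):
# version(1) | options(1) | enc_salt(8) | hmac_salt(8) | iv(16) | ciphertext | hmac(32)
HEADER = struct.Struct("!BB8s8s16s")
TAG_LEN = 32             # HMAC-SHA256 output size
PBKDF2_ROUNDS = 10_000   # assumed iteration count


def derive_key(password: bytes, salt: bytes) -> bytes:
    """Derive a 32-byte key from a password and a per-message salt."""
    return hashlib.pbkdf2_hmac("sha1", password, salt, PBKDF2_ROUNDS, dklen=32)


def parse_and_verify(blob: bytes, password: bytes) -> dict:
    """Split the message and check the HMAC over everything that precedes it."""
    if len(blob) < HEADER.size + TAG_LEN:
        raise ValueError("message too short")
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    version, options, enc_salt, hmac_salt, iv = HEADER.unpack_from(body)
    expected = hmac.new(derive_key(password, hmac_salt), body, hashlib.sha256).digest()
    # Constant-time comparison; a mismatch means the header, salts, IV or
    # ciphertext were modified in transit, or the password is wrong.
    if not hmac.compare_digest(expected, tag):
        raise ValueError("HMAC mismatch")
    return {"version": version, "options": options, "enc_salt": enc_salt,
            "iv": iv, "ciphertext": body[HEADER.size:]}


def build_sample(password: bytes, ciphertext: bytes) -> bytes:
    """Constructed test message; the ciphertext is opaque filler, not AES output."""
    enc_salt, hmac_salt, iv = os.urandom(8), os.urandom(8), os.urandom(16)
    body = HEADER.pack(3, 1, enc_salt, hmac_salt, iv) + ciphertext
    tag = hmac.new(derive_key(password, hmac_salt), body, hashlib.sha256).digest()
    return body + tag


if __name__ == "__main__":
    msg = build_sample(b"constructed-password", b"\x00" * 32)
    print(parse_and_verify(msg, b"constructed-password")["iv"].hex())
```

Only after `parse_and_verify` returns would the server derive the encryption key from `enc_salt` and decrypt the ciphertext with the returned IV.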