I am currently trying to encrypt a string in AES-128 CFB8 format in Objective-C. I have looked everywhere but can't seem to find a working solution. Bouncy Castle would be an ideal solution, but it only works on Java and C#. Is OpenSSL the best option here? I can't seem to find any detailed ways to actually encrypt using OpenSSL. Please lead me in the right direction. Switching to another encryption is not an option.
Your question is related to http://stackoverflow.com/questions/2774239/help-for-aes-128-bit-algorithm-i-want-to-encrypt-it and http://watchitlater.com/blog/2010/02/java-and-iphone-aes-interoperability/ – Mihai8 Mar 08 '13 at 00:19
2 Answers
CommonCryptor should support CFB-8 using kCCModeCFB8. See the man page for CCCrypt for details.
That said, I always warn people to be very careful implementing this kind of stuff by hand with any low-level library like CommonCryptor. It is extremely easy to do it incorrectly. For instance, you must generate keys correctly from passwords with a KDF (you can't just byte-copy passwords into the key data), and IV must be random or CFB loses some of its security (more specifically, you must never reuse the same key and IV).
If you're unfamiliar with these issues, see Properly encrypting with AES with CommonCrypto and Mike Ash's Friday Q&A 2012-08-10: A Tour of CommonCrypto. The one piece you need to change for CFB-8 is to replace the call to CCCryptorCreate with a call to CCCryptorCreateWithMode, passing kCCModeCFB8.

Rob pointed out in a comment: kCCModeCFB8 is a CCMode (an enum), not a CCOptions (a bitfield). You can't OR it with kCCOptionPKCS7Padding. (If you could, then PKCS7 Padding would also turn on ECB mode, since they're both 1.) You have to use CCCryptorCreateWithMode() to set the mode. I don't believe there is any way to set the mode with a 1-shot convenience function like CCCrypt(). – zaph Nov 04 '13 at 13:47
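The approach from the answer and comment above (KDF-derived key, fresh random IV, mode set through CCCryptorCreateWithMode), as an added example that is not part of the original answers. The function name EncryptCFB8, the salt(8) || iv(16) || ciphertext output layout, the salt length and the PBKDF2 iteration count are assumptions of this example.

```objc
#import <Foundation/Foundation.h>
#import <CommonCrypto/CommonCryptor.h>
#import <CommonCrypto/CommonKeyDerivation.h>
#import <Security/Security.h>

// Hypothetical helper: AES-128 in CFB-8 mode, key derived from a password.
// Returns salt(8) || iv(16) || ciphertext (layout is this example's choice), or nil.
static NSData *EncryptCFB8(NSString *password, NSData *plaintext) {
    uint8_t salt[8], iv[kCCBlockSizeAES128], key[kCCKeySizeAES128];

    // Fresh random salt and IV per message, so a key/IV pair is never reused.
    if (SecRandomCopyBytes(kSecRandomDefault, sizeof salt, salt) != errSecSuccess ||
        SecRandomCopyBytes(kSecRandomDefault, sizeof iv, iv) != errSecSuccess) return nil;

    // Derive the key with PBKDF2 instead of byte-copying the password.
    // 100000 rounds is an assumed value; tune it for the target hardware.
    NSData *pw = [password dataUsingEncoding:NSUTF8StringEncoding];
    if (CCKeyDerivationPBKDF(kCCPBKDF2, pw.bytes, pw.length, salt, sizeof salt,
                             kCCPRFHmacAlgSHA256, 100000, key, sizeof key) != kCCSuccess)
        return nil;

    // kCCModeCFB8 is a CCMode passed as its own argument, not a CCOptions bit.
    // CFB is a stream mode, so no padding is requested.
    CCCryptorRef cryptor = NULL;
    CCCryptorStatus st = CCCryptorCreateWithMode(kCCEncrypt, kCCModeCFB8,
                                                 kCCAlgorithmAES, ccNoPadding,
                                                 iv, key, sizeof key,
                                                 NULL, 0, 0, 0, &cryptor);
    if (st != kCCSuccess) return nil;

    // Output buffer with one block of slack; trimmed to the bytes actually written.
    NSMutableData *ct = [NSMutableData dataWithLength:plaintext.length + kCCBlockSizeAES128];
    size_t n1 = 0, n2 = 0;
    st = CCCryptorUpdate(cryptor, plaintext.bytes, plaintext.length,
                         ct.mutableBytes, ct.length, &n1);
    if (st == kCCSuccess)
        st = CCCryptorFinal(cryptor, (uint8_t *)ct.mutableBytes + n1, ct.length - n1, &n2);
    CCCryptorRelease(cryptor);
    memset(key, 0, sizeof key);  // best-effort wipe of the derived key
    if (st != kCCSuccess) return nil;
    ct.length = n1 + n2;

    // The receiver needs the salt and IV to decrypt; neither is secret.
    NSMutableData *out = [NSMutableData dataWithBytes:salt length:sizeof salt];
    [out appendBytes:iv length:sizeof iv];
    [out appendData:ct];
    return out;
}
```

Decryption reverses the steps: split off the salt and IV, derive the same key, and call CCCryptorCreateWithMode with kCCDecrypt.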
I am currently working on security protocols for a medical unit. I definitely believe OpenSSL is the best method of encrypting data. Use the native file system whenever possible to offload work and decrease development time without introducing buggy code. That being said, I am VERY new to Objective-C.
- Use your Objective-C program to construct the command line.
- Use your Objective-C program to pass that command line to the shell.
- Let the shell process your encryption.
- Receive the OpenSSL result from the shell and process the result to determine if any errors occurred. @"" indicates no errors.
Good luck. Sorry I could not provide any detailed Objective-C code, I just started Objective-C this week and am familiar with doing all my code base in other languages. But each language has a shell interface and that is your best option, without doubt.

I take it you're describing the openssl command-line encryption? Why do you believe it is the best method? The OpenSSL 'enc' command does not follow any really standard or best practices. It's not horrible, but it certainly could be much better. See http://security.stackexchange.com/a/23239/5304 for some of the discussion about its problems. – Rob Napier Oct 25 '13 at 21:26
If the OP was interested in doing this on iOS, then using the command line would not be possible (not counting jailbroken), due to starting new processes not being allowed. For OSX it would be usable. – Kitsune Nov 03 '13 at 14:51