I'm using RNCryptor for cryptography in an iOS project. The app decrypts JSON strings sent from a server. On the server, the strings are encrypted using unmodified versions of the PHP functions found in the RNCryptor repo.

Using the same password for encrypting all strings, the returned base64 data is sometimes invalid for different JSON strings I pass in to the RNCryptor PHP encrypt function. On the app, I see this error when trying to decrypt the data from the server: "The operation couldn’t be completed. (net.robnapier.RNCryptManager error -4301.)"

To show you some examples, this base64 string gets successfully decrypted:

AwHwsZqlDpvAcmWX92UtkQSKcHOq18gLsLFtP4FujV3DtXVrtGL86CFY9KAs23HaAoYINTLH3ouUJPpyQEcfXni+rJUJghTFBB24kk52aU0GQ/8IIgfnXPUywUuNwD4n7DnweaS3DdmdhFBQIUpSaCEg4T5bMPhIvUAndVMvJwc/SjbhJoB+bUqRDcPYXPzMiEW1i4jea/ssE87PcX9/NZtfkoNyiY7KLRy/dhgsADde1Q==

This one, however, fails:

AwHH7y0mnQvtWNCKa73jnS2DG63ylqDBc5iema3G6+/EkwPxiIkrPQHyJLvd3MO3mMIPsJjDK1C3uBCoHDc+Gzm0NJhBa08zs1twzZQ1jBdyt/q2AnGX99nku7MqF1oJOJ8nN1lriwYcFyvjBoBkEAAG28umjwxb5Y1t29dXtJzCwsrEVERs+SNkRE5C/j++bMPTV28EmR7LviyaMFAzpT+F5yUlLp2zRQgaQfyG8RlJTcvc+IqsrOisrDn7umDg+ii/Z9GDLlMkhu7OL1lHfcmD

It seems only the base64 strings that have the "=" character get decrypted successfully. Again, I used the same password to encrypt & decrypt these two strings. Why is the PHP encrypt function behaving like this?

P.S. The JSON strings passed in are perfectly valid (generated using the PHP json_encode() function).

  • `=` is required to pad out strings which would not normally fit inside mime's 8bit -> 6bit conversion. Their presence is REQUIRED by mime, based on the bit-length of the original string. Getting `=` or not getting `=` depends entirely on the original string. Your second string is MUCH longer than the first one, which means it is much longer when not encoded as well, and this length is "just right" to not require `=` padding. – Marc B Jan 15 '14 at 21:38
  • different salts pre-/post-pended to the password? – Marc B Jan 15 '14 at 21:44
  • Have you compared the base64 text sent to/from the server with the base64 text at the client? Note that base64 is not URL proof, you need to encode base64 using URL encoding scheme if you send it using e.g. an HTTP GET. Also, not all clients will be able to handle very long URLs so you may need to use HTTP POST if you are using HTTP for sending data. – Maarten Bodewes Jan 16 '14 at 00:00

1 Answer

2

After much debugging, the issue turned out to be the base64 decoder I was using on iOS. I was initially using the NSData+Base64 category from this blog post. It's flawed.

I ended up using the implementation here. Everything decrypts just fine now. :)

Community
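
A structural check of the two ciphertexts from the question, as an added example (not code from the post or from RNCryptor). It decodes each string with a strict base64 decoder and compares the result with the RNCryptor v3 password-based layout, which is assumed here from the format's published description; the function names are hypothetical. Both strings decode cleanly and fit the layout, so the unpadded one is not malformed on the server side, which is consistent with the answer's finding that the client-side decoder was at fault.

```python
import base64
import binascii

# Ciphertexts copied from the question: OK decrypted on iOS, FAILED did not.
OK = "AwHwsZqlDpvAcmWX92UtkQSKcHOq18gLsLFtP4FujV3DtXVrtGL86CFY9KAs23HaAoYINTLH3ouUJPpyQEcfXni+rJUJghTFBB24kk52aU0GQ/8IIgfnXPUywUuNwD4n7DnweaS3DdmdhFBQIUpSaCEg4T5bMPhIvUAndVMvJwc/SjbhJoB+bUqRDcPYXPzMiEW1i4jea/ssE87PcX9/NZtfkoNyiY7KLRy/dhgsADde1Q=="
FAILED = "AwHH7y0mnQvtWNCKa73jnS2DG63ylqDBc5iema3G6+/EkwPxiIkrPQHyJLvd3MO3mMIPsJjDK1C3uBCoHDc+Gzm0NJhBa08zs1twzZQ1jBdyt/q2AnGX99nku7MqF1oJOJ8nN1lriwYcFyvjBoBkEAAG28umjwxb5Y1t29dXtJzCwsrEVERs+SNkRE5C/j++bMPTV28EmR7LviyaMFAzpT+F5yUlLp2zRQgaQfyG8RlJTcvc+IqsrOisrDn7umDg+ii/Z9GDLlMkhu7OL1lHfcmD"

# Assumed RNCryptor v3 password-based layout:
# version(1) options(1) encSalt(8) hmacSalt(8) IV(16) ciphertext(16*n) HMAC(32)
HEADER_LEN, HMAC_LEN, BLOCK = 34, 32, 16


def strict_b64decode(text):
    """Decode standard base64, rejecting foreign characters and bad padding."""
    try:
        return base64.b64decode(text, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"invalid base64: {exc}") from exc


def inspect_message(text):
    """Return the structural facts that can be checked without the password."""
    raw = strict_b64decode(text)
    body_len = len(raw) - HEADER_LEN - HMAC_LEN
    return {
        "b64_chars": len(text),
        "padding": text.count("="),
        "raw_len": len(raw),
        "version": raw[0],
        "options": raw[1],
        "ciphertext_len": body_len,
        "well_formed": raw[0] == 3 and raw[1] == 1
        and body_len >= BLOCK and body_len % BLOCK == 0,
    }


def mangled_in_transit(text):
    """Simulate '+' becoming a space when base64 travels unescaped in a URL."""
    return text.replace("+", " ")


if __name__ == "__main__":
    for name, msg in (("ok", OK), ("failed", FAILED)):
        print(name, inspect_message(msg))
```

Running the same strict decode on the text as it arrives at the client also covers the transport case raised in the comments: a string altered in transit is rejected by `strict_b64decode` before any decryption is attempted.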