-1

I would like to encrypt a string (password) on:

  • an iOS device (in Objective C)
  • an Android device (in Java)
  • a Windows phone (in C#)

...and then send that string via http to a Windows Server that will decrypt it (in C#).

Is there some utility / library / encryption engine that is capable of doing such a task?

Would you provide sample code for:

  • iOS device (in Objective C)
  • Android device (in Java)

Thanks

MrLister
  • 634
  • 7
  • 32
  • 1
    You really shouldn't ask people to write your code. Work on the problem, and ask for help when you hit a wall. – David Crowell Sep 02 '14 at 15:30
  • The issues you will face are that the key is data and should be the corect length, same for the iv. Use the same mode (CBC) and padding (PKCS7). If the key is a string use PBKDF2 to create a data key from it. If you need to transport the encrypted data in an ASCII environment use Base64 encoding. – zaph Sep 02 '14 at 15:40
  • If I knew anything about ios or Java ... I would... (notice there isn't a 'help me' for the C# side ... :-) – MrLister Sep 02 '14 at 15:40
  • Have you considered using SSL/TLS (HTTPS)? With some simple configuration on your Windows side, and changing your HTTP to HTTPS in your HTTP Request, you can avoid having to deal with all of this yourself (which means less work and it will probably be safer) – Rob Sep 02 '14 at 15:42
  • I have not, but even so, I would like the passwords to encrypted before they are sent over the wire. – MrLister Sep 02 '14 at 15:43
  • 1
    HTTPS and SSL encrypt the data. They also provide a level of authentication. If you do it yourself with a limited knowledge of cryptographic security the chances are great that it will not be secure. – zaph Sep 02 '14 at 15:45

1 Answers1

2

If you use a standard encryption algorithm (such as AES256), and all platforms have the appropriate keys, then this shouldn't be a problem.

Consider using CommonCrypto on iOS

Example on Android

And System.Security.Cryptography on Windows Phone / Windows Server

However, what is the problem you are trying to solve? If you want to encrypt data in transit, why not use HTTPS with an SSL certificate?

Community
  • 1
  • 1
John Sibly
  • 22,782
  • 7
  • 63
  • 80
  • so there is no issue with big endian and little endian ? Can you provide sample code for ios and android? – MrLister Sep 02 '14 at 15:27
  • 2
    Encryption is byte oriented, it has no concept of anything larger so there is no endian issue. Strings encoded in UTF-8 also have no endianness. – zaph Sep 02 '14 at 15:35
  • 2
    +1 - especially for HTTPS advice - it is *very hard* to implement secure communication correctly, and it is hard to justify not using existing implementation (short of personal entertainment goals, but such needs to be stated in the question) – Alexei Levenkov Sep 02 '14 at 15:39