0

I'm working on swift project that is scanning QR codes and getting encrypted AES-128 data that needs to be decrypted.

I'm using a framework that is called CryptoSwift.

I have the key and data from QR code that holds the encrypted data.

var key     = "B7zqj4TAXnPevYZAR4T26969"
var qrData  = "zWDzClfre4aOjTumzGsnpqh4Sje7sFsbKceA3/OSH3nKRwc7/6fYUajBr/bLh9BB"

Edit: Sorry, I forgot to mention that the encryption made with:

  1. Cipher : AES-128
  2. Mode of Operation : CBC
  3. Padding : PKCS7
  4. Key derived from : Simple decoding

I'd like to know what approaches I should do in order to decrypt this QR data.

Any help would be nice.

jww
  • 97,681
  • 90
  • 411
  • 885
Yusuf
  • 63
  • 2
  • 11
  • Do not use CryptoSwift, all the primitives are home-grown implementations and may have errors/weaknesses/backdoors. Use a library that uses Apple's Common Crypto which is well vetted. Additionally CryptoSwift lacks key cryptographic primitives such as PBKDF2 for deriving keys from passwords which is used to help make passwords into secure keys. Also missing is obtaining random data for use as an iv among other critical usages. Apple's iOS CoreCrypto Kernel Module is FIPS-140-2 certified. – zaph Jun 30 '15 at 17:33
  • See this [SO answer](http://stackoverflow.com/a/29230965/451475) for sample Swift AES code. – zaph Jun 30 '15 at 17:35
  • When you say: "Cipher : AES-128" that is ambiguous. presumably you mean a 128-bit key size. The key supplied is 24 bytes which would be a key size of 192-bits. CBC mode requires an iv but none is specified. Many inmplementations will use 0x00 bytes by default but that is not guaranteed, Common Crypto does. But it is always best to supply the iv. What do you expect wen you say: "Key derived from : Simple decoding"? The current best practives solution is PBKDF2. – zaph Jun 30 '15 at 17:53
  • Hi @zaph, very good hints, thank you for these but I'm wondering if I use Apple's Common Crypto, is easy to import to swift project? At the moment, I'm checking the SO answer and when I try to check these codes, I'm getting a lot of errors. – Yusuf Jun 30 '15 at 17:55
  • You need a Bridging header and add `#import ` to it. If you dont have a bridging header let the system add one for out, see [Adding a Bridging Header](http://stackoverflow.com/a/24005242/451475), you can delete the .m file after step 3..You also need to add `Security.framework` to the project. What version if Swift are you using. – zaph Jun 30 '15 at 19:46
  • Hi @zaph I've solved the issue. Thanks again. – Yusuf Jul 02 '15 at 09:17
  • I copied some pertinent comments into an answer. – zaph Jul 02 '15 at 11:06
  • Note: CryptoSwift is over 1000 times slower than Apple's Common Crypto CCCrypt on an iPhone 6. – zaph Aug 10 '15 at 23:22

1 Answers1

1

See this SO answer for sample Swift AES code.

When you say: "Cipher : AES-128" that is ambiguous. presumably you mean a 128-bit key size. The key supplied is 24 bytes which would be a key size of 192-bits.

CBC mode requires an iv but none is specified. Many inmplementations will use 0x00 bytes by default but that is not guaranteed, Common Crypto does. But it is always best to supply the iv.

What do you expect wen you say: "Key derived from : Simple decoding"? The current best practives solution is PBKDF2.

You need a Bridging header and add #import in it. If you dont have a bridging header let the system add one for out, see Adding a Bridging Header, you can delete the .m file after step 3.

You also need to add Security.framework to the project. What version if Swift are you using.

Community
  • 1
  • 1
zaph
  • 111,848
  • 21
  • 189
  • 228
  • Hi @zaph, with your help I've managed to '#import ' to my swift project and with the [SO answer](http://stackoverflow.com/a/29230965/3337223) I decrypted some data. But I'd like to ask how could I convert it to string so that I can see it is successfully decrypted? – Yusuf Jul 05 '15 at 22:05
  • Given data that is also a valid UTF-8 string: `var dataString = NSString(data:data, encoding:NSUTF8StringEncoding) as! String`. – zaph Jul 06 '15 at 02:59
  • var dataString = NSString(data:data, encoding:NSUTF8StringEncoding) as! String. So instead of data, should I use decryptedData? Because that data holds the information that I want to convert to string. – Yusuf Jul 06 '15 at 10:50