0

How can I decrypt NSData with RNCryptor (AES128CBC)? I already tried to understand the documentation: https://github.com/RNCryptor/RNCryptor-Spec/blob/master/draft-RNCryptor-Spec-v4.0.md

Edit:

class Decription{
    func AES128(message: String, key: String, iv: String){
        let keyData: NSData! = (key as NSString).dataUsingEncoding(NSUTF8StringEncoding) as NSData!
        let ivData:  NSData! = (iv as NSString).dataUsingEncoding(NSUTF8StringEncoding) as NSData!
        let data:    NSData! = (message as NSString).dataUsingEncoding(NSUTF8StringEncoding) as NSData!
        let cryptData        = NSMutableData(length: Int(data.length) + kCCBlockSizeAES128)!

        let keyLength              = size_t(kCCKeySizeAES256)
        let operation: CCOperation = UInt32(kCCDecrypt)
        let algoritm:  CCAlgorithm = UInt32(kCCAlgorithmAES128)
        let options:   CCOptions   = UInt32(kCCOptionECBMode + kCCOptionPKCS7Padding)

        var numBytesEncrypted :size_t = 0

        let cryptStatus = CCCrypt(
            operation,
            algoritm,
            options,
            keyData.bytes,
            keyLength,
            ivData.bytes,
            data.bytes, data.length,
            cryptData.mutableBytes,
            cryptData.length,
            &numBytesEncrypted
        )

        if UInt32(cryptStatus) == UInt32(kCCSuccess) {
            cryptData.length = Int(numBytesEncrypted)
            print("Decrypted Result = \(NSString(data: cryptData, encoding: NSUTF8StringEncoding))")
        } else {
            print("Error: \(cryptStatus)")
        }
    }
}

I changed the code snippet @zaph linked to. You can see the result above.

NSString(data: cryptData, encoding: NSUTF8StringEncoding) results nil. What is the problem?

Community
  • 1
  • 1
Daniel R.
  • 31
  • 2
  • 5
  • The problem is that not all data and virtually no encrypted data can be encoded as UTF-8 or most encodings. If you need a `String` as output use Base64 encoding. For Base64 encoding use: `func base64EncodedStringWithOptions(_ options: NSDataBase64EncodingOptions) -> String`. – zaph Feb 25 '16 at 15:04
  • The result have to be UTF-8, it's a JSON String. – Daniel R. Feb 25 '16 at 15:15
  • Base64 is composed of UTF-8 characters, you put the Base64 encoded string in the JSON. Another option is the hex encode the encrypted data and put that string in the JSON but this is less common these days. – zaph Feb 25 '16 at 15:19
  • The decrypting is wrong. If I decode the Base64 stuff I see only ASCII letters. – Daniel R. Feb 25 '16 at 15:28
  • [Base64](https://en.wikipedia.org/wiki/Base64) is indeed all ASCII characters and also UTF-8 characters. Encrypt the string to data bytes, Base64 encode the encrypted data bytes to a string, put the Base64 string in the JSON, send. Receive, decode the JSON to an object, get the Base64 string, decode it into data bytes, decrypt the data bytes into the original string. – zaph Feb 25 '16 at 15:51
  • Note that ECB mode does not use an iv and is not secure, use CBC mode which is the default for `CCCrypt`. – zaph Feb 25 '16 at 16:08
  • There is no single AES data format. Your encryption and decryption must exactly match in many particulars. In order to develop decryption code, you must start the precise mechanism used to encrypt the data. As Zaph notes, RNCryptor is a specific format. There are many different ways you code perform something vaguely called "AES128CBC." RNCryptor is just one of those many ways. Note also that the docs you listed are the RNCryptor v4 format. There are no existing implementations of that format. It is just a draft spec. The current format is v3. – Rob Napier Feb 25 '16 at 20:41
  • @RobNapier Since you are commenting here, have the issues WRT RNCryptor in it;s sevral language implementations including hash compare timing been resolved? – zaph Feb 25 '16 at 20:57
  • @zaph Fixes have been applied to all implementations that had identified timing problems, except C# and C++. (Haskell still doesn't validate the HMAC.) – Rob Napier Feb 25 '16 at 21:05

1 Answers1

1

First you encrypt using RNCryptor, not some other method because RNCryptor is more than just AES encryption, it an entire secure encryption method including key derivation and authentication. See the RNCryptor-Spec for more information.

If you just want decryption use Common Crypto with Swift, see this SO Answer for example code.

Note: The sample code is just that, it should not be used as-is in production code. In particular ECB mode is not secure, use CBC with a random iv and consider adding authentication and key derivation to the password such as PBKDF2.

Community
  • 1
  • 1
zaph
  • 111,848
  • 21
  • 189
  • 228