1

On my server I use this code to encrypt data:

class AESCipher(object):

    def __init__(self, key, iv, block_size=32):
        self.bs = block_size
        self.iv = iv
        self.encoder = PKCS7Encoder(block_size=self.bs)
        self.key = hashlib.sha256(key.encode()).digest()

    def encrypt(self, raw):
        raw = self.encoder.encode(raw)
        cipher = AES.new(self.key, AES.MODE_CBC, self.iv)
        return base64.b64encode(self.iv + cipher.encrypt(raw))

And use this code: https://github.com/janglin/crypto-pkcs7-example/blob/master/pkcs7.py for padding.

In my app I use this answer to decrypt and encrypt.

But I get different results: In python:

cipher = AESCipher(BaseConfig.AES_KEY, BaseConfig.AES_IV)
print cipher.encrypt("hello") #returns: Z3FMT0hVaW9RMFFqaHV2SXMOLB2j6ZdRhuUKwE60BBRYa6bgS2gFqgR/VFKXyJiU

In swift:

print(try! "hello".aesEncrypt(GVariables.AESKey, iv: GVariables.AESIv)) //reutrns: 9OpPH19GmTd6n0dsXFJ0mQ==
Community
  • 1
  • 1
Arti
  • 7,356
  • 12
  • 57
  • 122
  • It is best to avoid using CryptoSwift, amoung other things it is 500 to 1000 times slower than Common Crypto based implementations. Apple's Common Crypto is FIPS certified and as such has been well vetted, using CryptoSwift is taking a chance on correctness and security. – zaph Apr 06 '16 at 13:14
  • What python library are you using? Please provide a link to the documentation. – zaph Apr 06 '16 at 13:17
  • @zaph can you show solution on common crypto ? – Arti Apr 06 '16 at 13:34
  • http://stackoverflow.com/questions/12524994/encrypt-decrypt-using-pycrypto-aes-256 – Arti Apr 06 '16 at 13:34
  • For a Swift Common Crypto example see this [SO answer](http://stackoverflow.com/a/32702039/451475). You will need to add any data encoding prior to and/or after the encryption, it is rewally best to keep them seperate. – zaph Apr 06 '16 at 13:52
  • @zaph but how to merge your code and aes encryption... – Arti Apr 06 '16 at 13:56

1 Answers1

3

The fact that the Python encryption returns 64 Base64 encoded bytes which is 48 data bytes for encrypting 5 bytes indicated that additional information is added to the encrypted data.

Encryption of 5 bytes with AES will result in 16-bytes (one block). So there are an additional 32 bytes in the encrypted data. The answer shows prepending the IV but that is only 16-bytes leaving another 16-bytes unknown.

Note that the code you copied used CFB mode, you probably should use CBC mode.

Best advice given lack of experience with encryption, consider using RNCryptor, there are versions in many languages including RNCryptor-python and RNCryptor iOS and it handles all the details needed for secure encryption.

zaph
  • 111,848
  • 21
  • 189
  • 228