0

I have read countless "encryption results differ between X & Y" but unfortunately have not been able to find a solution.

I am trying to duplicate the AES encryption of a string in Node based on some previously written encryption code in Swift using CocoaSecurity.

I have both of them returning base64 values, but unfortunately they are not the same.

FYI I added a "test" key, iv, and string as example, these are not the values I am using on my project.

let key = Data.init(base64Encoded: "DqviM6rMaYF3kHymVTiis7MH7agLcFqmDoX085K7AWs=")
let iv = Data.init(base64Encoded: "zur4lDpQk4tFaqnEUYKD9A==")
let aes256 = CocoaSecurity.aesEncrypt("Testing1!", key: key, iv: iv)
let result = aes256?.base64
// result = nmvqDhE43gRQ1B0EWCu7vg==

And in Node I have written the encryption (using the same key & iv ... I have triple checked) like this:

const key = Buffer.from('DqviM6rMaYF3kHymVTiis7MH7agLcFqmDoX085K7AWs=', 'base64');
const vector = Buffer.from('zur4lDpQk4tFaqnEUYKD9A==', 'base64');

const encryptTool = crypto.createCipheriv('aes256', key, vector);
const result = encryptTool.update("Testing1!", 'utf8', 'base64') + encryptTool.final('base64');
// results = FabfCtSAAuiZ9K93wcHXYA==

I know there can occasionally be differences in the padding between encryption implementations, but I tried adding encryptTool.setAutoPadding(false); above and it would not run.

Are there any other options that could be set in the Node portion of this to ensure the same base64 string is returned?

Edited above to include key/vector, input string, and result

james
  • 5,006
  • 8
  • 39
  • 64
  • Would 'utf-8' that you set in Node part have some role to play ? – Roshith Sep 20 '17 at 03:59
  • 1. Show test input and the results of each in hex. – zaph Sep 20 '17 at 04:51
  • @Roshith I also tried `encryptTool.update(text) + encryptTool.final('base64');` with the same output of `result`. – james Sep 20 '17 at 12:20
  • @zaph thanks for the tip about not using Cocoa. Also in regards to randomizing the IV, do you mean that the IV should not be the same for each string that is encrypted? How do you handle that when decrypting on the other side (i.e. an API)? – james Sep 20 '17 at 12:24
  • @zaph I found a [few](https://stackoverflow.com/a/30555982/1554860) [explanations](https://stackoverflow.com/a/8041580/1554860) about the random IV. I also added some test data above as an example of what the results are. – james Sep 20 '17 at 12:49
  • 2
    Your node result (`FabfCtSAAuiZ9K93wcHXYA==`) is the result of encrypting “Password1!” with that key and iv, not “Testing1!”. If you want to compare node and swift results, make sure you’re encrypting te same thing in each! – matt Sep 20 '17 at 13:21
  • @matt wow...i just realized that. Thank you so much. I spent too much time making sure the key/iv were the same and forgot to make sure my test strings were the same! – james Sep 20 '17 at 13:58
  • @matt feel free to post that as the answer and I'll accept, as that fixes the issue. – james Sep 20 '17 at 14:00
  • Don't use [CocoaSecurity](https://github.com/kelp404/CocoaSecurity), it is dated, there is no longer a reason to use NSData in Swift. Also the default is completely wrong, the IV needs to re random per encryption, not derived from the key. – zaph Sep 20 '17 at 14:01

0 Answers0