I used PHP to encrypt a string with PKCS #7 padding in DES algorithm.
I want to know how to use CCCrypt in iOS to decrypt the DES encrypted string. Appreciate it if you could provide some sample codes to help me.
Thanks.
Asked
Active
Viewed 1,996 times
1
-
Have you tried anything? – jtbandes Aug 24 '11 at 07:58
-
i tried some CCCrypt tutorials, but none of them is talking about DES. – user403015 Aug 24 '11 at 08:03
-
take a look here: http://stackoverflow.com/questions/4611256/is-there-any-api-that-could-use-to-call-the-des-encrypt-and-decrypt-in-objective – MByD Aug 24 '11 at 08:04
-
Thanks, but there is no sample code. – user403015 Aug 24 '11 at 08:15
-
**Do not use DES for new work**, it is no longer considered secure and has been superceeded by AES (Advanced Encryption Standard) DES only has key size is only 56 bits which is not considered to be secure, AES supports key sizes of 128,192 and 256 bits. See [Security comparison of DES and AES](https://security.stackexchange.com/a/26181/5121). – zaph Jul 07 '17 at 15:56
-
If you are usinf `mcrypt`: don't. It is best not to use mcrypt, it is abandonware, has not been updated in years and does not support standard PKCS#7 (née PKCS#5) padding, only non-standard null padding that can't even be used with binary data. mcrypt has many outstanding [bugs](https://sourceforge.net/p/mcrypt/bugs/) dating back to 2003. The mcrypt-extension is deprecated will be removed in PHP 7.2. Instead consider using [defuse](https://github.com/defuse/php-encryption) or [RNCryptor](https://github.com/RNCryptor), they provide a complete solution and are being maintained and is correct. – zaph Jul 07 '17 at 16:02
1 Answers
-1
- (NSData *)encryptDESByKey:(NSData *)key data:(NSData *)data
{
size_t numBytesEncrypted = 0;
size_t bufferSize = data.length + kCCBlockSizeDES;
void *buffer = malloc(bufferSize);
CCCryptorStatus result = CCCrypt( kCCEncrypt, kCCAlgorithmDES, kCCOptionPKCS7Padding,
key.bytes, kCCKeySizeDES,
NULL,
data.bytes, data.length,
buffer, bufferSize,
&numBytesEncrypted);
NSData *output = [NSData dataWithBytes:buffer length:numBytesEncrypted];
free(buffer);
if( result == kCCSuccess )
{
NSLog(@"encoded str %@",[output base64EncodedStringWithOptions:0]);
return output;
} else {
NSLog(@"Failed DES encrypt...");
return nil;
}
}
- (NSData *) decryptDESByKey:(NSData *)key data:(NSData *)data
{
size_t numBytesEncrypted = 0;
size_t bufferSize = data.length + kCCBlockSizeDES;
void *buffer_decrypt = malloc(bufferSize);
CCCryptorStatus result = CCCrypt( kCCDecrypt , kCCAlgorithmDES, kCCOptionPKCS7Padding,
key.bytes, kCCKeySizeDES,
NULL,
data.bytes, data.length,
buffer_decrypt, bufferSize,
&numBytesEncrypted );
NSData *output = [NSData dataWithBytes:buffer_decrypt length:numBytesEncrypted];
free(buffer_decrypt);
if( result == kCCSuccess )
{
NSString *decodedString = [[NSString alloc] initWithData:output encoding:NSUTF8StringEncoding];
NSLog(@"decoded str %@",decodedString);
return output;
} else {
NSLog(@"Failed DES decrypt ...");
return nil;
}
}
-- Then you can call method like
[self decryptDESByKey:[@"qwertykey" dataUsingEncoding:NSUTF8StringEncoding] data:[self encryptDESByKey:[@"qwertykey" dataUsingEncoding:NSUTF8StringEncoding] data:["YOUR--INPUT__STRING" dataUsingEncoding:NSUTF8StringEncoding]]];
-- "qwertykey" is the secretkey supplied
-
**This example is not secure**: `CCCrypt` by default uses CBC mode but no IV is supplied. It is not secure to use a static IV, the IV needs to be an array of random bytes generated by a CSPRNG unique for each encryption, the IV can prefix the encrypted data for decryption, it does not need to be secret. If a password string is used a decryption key needs to be derived from it with a function such as PBKDF2 *which Common Crypto supports). – zaph Jul 07 '17 at 15:59