We Keep Coding

How to encrypt with AES 256 CBC in Objective C

I am building an iPhone app which gets a encrypt string and sent it to backend.
In PHP I am encrypting the string like this:
$encrypt_method = "AES-256-CBC";
$secret_key = 'This is my secret key';
$secret_iv = 'This is my secret iv';
// hash
$key = hash('sha256', $secret_key);
// iv - encrypt method AES-256-CBC expects 16 bytes - else you will get a warning
$iv = substr(hash('sha256', $secret_iv), 0, 16);
if( $action == 'encrypt' ) {
$output = openssl_encrypt($string, $encrypt_method, $key, 0, $iv);
$output = base64_encode($output);
}
How I do the same like that but in Objective C

#import <CommonCrypto/CommonCryptor.h>
#define key #"YOUR_KEY"
#define iv #"YOUR_IV"
- (NSData *) cryptOperation:(CCOperation)operation
{
// 'key' should be 32 bytes for AES256, will be null-padded otherwise
char keys[kCCKeySizeAES256 + 1];
[key getCString:keys maxLength:sizeof(keys) encoding:NSUTF8StringEncoding];
// Perform PKCS7Padding on the key.
unsigned long bytes_to_pad = sizeof(keys) - [key length];
if (bytes_to_pad > 0)
{
char byte = bytes_to_pad;
for (unsigned long i = sizeof(keys) - bytes_to_pad; i < sizeof(keys); i++)
keys[i] = byte;
}
NSUInteger dataLength = [self length];
//See the doc: For block ciphers, the output size will always be less than or
//equal to the input size plus the size of one block.
//That's why we need to add the size of one block here
size_t bufferSize = dataLength + kCCBlockSizeAES128;
void *buffer = malloc(bufferSize);
size_t numBytesDecrypted = 0;
CCCryptorStatus status = CCCrypt(operation, kCCAlgorithmAES128,
kCCOptionPKCS7Padding,
keys, kCCKeySizeAES256,
[iv UTF8String],
[self bytes], dataLength, /* input */
buffer, bufferSize, /* output */
&numBytesDecrypted);
if (status == kCCSuccess)
{
//the returned NSData takes ownership of buffer and will free it on dealloc
return [NSData dataWithBytesNoCopy:buffer length:numBytesDecrypted];
}
free(buffer); //free the buffer;
return nil;
}
- (NSData *)AES256Encrypt
{
return [self cryptOperation:kCCEncrypt];
}
- (NSData *)AES256Decrypt
{
return [self cryptOperation:kCCDecrypt];
}
you can use this method by following way..
NSString *receivedDataDecryptString = [self decrypt:#"YOUR_STRING"];
NSString *receivedDataEncryptString = [self encrypt:#"YOUR_STRING"];
-(NSString *)encrypt:(NSString *)string
{
NSData *data = [string dataUsingEncoding:NSUTF8StringEncoding];
NSData *dataEncrypted = [data AES256Encrypt];
NSString *strRecordEncrypted = [dataEncrypted base64EncodedStringWithOptions:0];
return strRecordEncrypted;
}
-(NSString *)decrypt:(NSString *)string
{
if([string containsString:#"\n"] || [string containsString:#"\t"])
{
string = [[string componentsSeparatedByCharactersInSet:[NSCharacterSet newlineCharacterSet]] componentsJoinedByString:#""];
string = [string stringByReplacingOccurrencesOfString:#"\t" withString:#""];
}
NSData *keyData = [[NSData alloc] initWithBase64EncodedString:string options:0];
NSData *dataDecrypted = [keyData AES256Decrypt];
NSString *receivedDataDecryptString = [[NSString alloc]initWithData:dataDecrypted encoding:NSUTF8StringEncoding];
return receivedDataDecryptString;
}

Thanks Nirav Kotecha for your answer.
I ended up using CrytoSwift and Add Extension class NSString and String to call it.

encrypt nsstring with 3des ios7

I am new with iOS7 development and objective c, and i need to develop an application which will send encrypted data with 3DES to a server,I have searched in stack overflow and Net but still unable to get it work, finally i tried this code but i got null as result,
+ (NSString*)encrypt:(NSString*)plainText withKey:(NSString*)key{
uint8_t keyByte[kSecrectKeyLength];
NSMutableData *keyData = [[NSMutableData alloc] init];
int i;
for (i=0; i < [key length] / 2; i++) {
NSString *tempNumber = [key substringWithRange: NSMakeRange(i * 2, 2)];
NSScanner *scanner=[NSScanner scannerWithString:tempNumber];
unsigned int temp;
[scanner scanHexInt:&temp];
Byte B = (Byte)(0xFF & temp);
keyByte[i] = B;
}
NSData* data = [plainText dataUsingEncoding:NSUTF8StringEncoding];
size_t plainTextBufferSize = [data length];
const void *vplainText = (const void *)[data bytes];
CCCryptorStatus ccStatus;
uint8_t *bufferPtr = NULL;
size_t bufferPtrSize = 0;
size_t movedBytes = 0;
bufferPtrSize = (plainTextBufferSize + kCCBlockSize3DES) & ~(kCCBlockSize3DES - 1);
bufferPtr = malloc( bufferPtrSize * sizeof(uint8_t));
memset((void *)bufferPtr, 0x0, bufferPtrSize);
const void *vkey = (const void *) keyByte;
const void *vinitVec = (const void *) [gIv UTF8String];
ccStatus = CCCrypt(kCCEncrypt,
kCCAlgorithm3DES,
kCCOptionPKCS7Padding,
vkey,
kCCKeySize3DES,
vinitVec,
vplainText,
plainTextBufferSize,
(void *)bufferPtr,
bufferPtrSize,
&movedBytes);
NSData *myData = [NSData dataWithBytes:(const void *)bufferPtr length:(NSUInteger)movedBytes];
//NSString *result = [GTMBase64 stringByEncodingData:myData];
NSString *result = [[NSString alloc] initWithData:myData encoding:NSUTF8StringEncoding];
NSLog(#"result=%#",result);
return result;
}
Please have u any idea about the solution???

lol i just struggled with this myself the other day, i have a working solution now using this code
+ (NSData *)tripleDesEncryptString:(NSString *)input
key:(NSString *)key
error:(NSError **)error
{
NSParameterAssert(input);
NSParameterAssert(key);
NSData *inputData = [input dataUsingEncoding:NSUTF8StringEncoding];
NSData *keyData = [key dataUsingEncoding:NSUTF8StringEncoding];
size_t outLength;
NSAssert(keyData.length == kCCKeySize3DES, #"the keyData is an invalid size");
NSMutableData *outputData = [NSMutableData dataWithLength:(inputData.length + kCCBlockSize3DES)];
CCCryptorStatus
result = CCCrypt(kCCEncrypt, // operation
kCCAlgorithm3DES, // Algorithm
kCCOptionPKCS7Padding | kCCOptionECBMode, // options
keyData.bytes, // key
keyData.length, // keylength
nil,// iv
inputData.bytes, // dataIn
inputData.length, // dataInLength,
outputData.mutableBytes, // dataOut
outputData.length, // dataOutAvailable
&outLength); // dataOutMoved
if (result != kCCSuccess) {
if (error != NULL) {
*error = [NSError errorWithDomain:#"com.your_domain.your_project_name.your_class_name."
code:result
userInfo:nil];
}
return nil;
}
[outputData setLength:outLength];
return outputData;
}
+ (NSString *)tripleDesDecryptData:(NSData *)input
key:(NSString *)key
error:(NSError **)error
{
NSParameterAssert(input);
NSParameterAssert(key);
NSData *inputData = input;
NSData *keyData = [key dataUsingEncoding:NSUTF8StringEncoding];
size_t outLength;
NSAssert(keyData.length == kCCKeySize3DES, #"the keyData is an invalid size");
NSMutableData *outputData = [NSMutableData dataWithLength:(inputData.length + kCCBlockSize3DES)];
CCCryptorStatus
result = CCCrypt(kCCDecrypt, // operation
kCCAlgorithm3DES, // Algorithm
kCCOptionPKCS7Padding | kCCOptionECBMode, // options
keyData.bytes, // key
keyData.length, // keylength
nil,// iv
inputData.bytes, // dataIn
inputData.length, // dataInLength,
outputData.mutableBytes, // dataOut
outputData.length, // dataOutAvailable
&outLength); // dataOutMoved
if (result != kCCSuccess) {
if (error != NULL) {
*error = [NSError errorWithDomain:#"com.your_domain.your_project_name.your_class_name."
code:result
userInfo:nil];
}
return nil;
}
[outputData setLength:outLength];
return [[NSString alloc] initWithData:outputData encoding:NSUTF8StringEncoding];
}
you probably want to base64 encode the data the comes out of the encryption method, and then un-base64 anything that you want to decrypt as well, there are built in methods for NSData to do this now, eg:
[data base64EncodedDataWithOptions:(NSDataBase64EncodingOptions)];
to test if the functions work, i used this test function
+ (void) testEncryptionAndDecryption {
NSData *encrypted = [self tripleDesEncryptString:#"test" key:#"123456789123456789123456" error:nil];
NSLog(#"encrypted data length: %lu", (unsigned long)encrypted.length);
NSString *decrypted = [self tripleDesDecryptData:encrypted key:#"123456789123456789123456" error:nil];
NSLog(#"decrypted text: %#", decrypted);
}
this gave me the correct output that you would expect

Objective-c AES CBC decryption with IV

I have been struggling with this problem for several days now and i can't seem to figure it out
I tried using CCCrypt to decrypt an encrypted string, I have the encrypted string encoded with Base64 encode, I have the key and the iv. The encryption is AES256 CBC with PKCS7Padding.
This is the code i am using right now:
- (NSData *)AES256DecryptWithKey:(NSString *)key
{
char keyPtr[kCCKeySizeAES128+1];
bzero(keyPtr, sizeof(keyPtr));
NSUInteger dataLength = [self length];
size_t bufferSize = dataLength + kCCBlockSizeAES128;
void *buffer = malloc( bufferSize );
unsigned char *iv = [#"IV String" cStringUsingEncoding:NSUTF8StringEncoding];
size_t numBytesDecrypted = 0;
CCCryptorStatus cryptStatus = CCCrypt(kCCEncrypt,
kCCAlgorithmAES128,
kCCOptionPKCS7Padding,
keyPtr, kCCKeySizeAES256,
iv,
[self bytes],
dataLength,
buffer,
bufferSize,
&numBytesDecrypted);
if( cryptStatus == kCCSuccess )
{
return [NSData dataWithBytesNoCopy:buffer length:numBytesDecrypted];
}
free( buffer );
return nil;
}
But cryptStatus keeps returning 0 and I couldn't find a way to figure out why.
What am i doing wrong?
Thanks in advance!

uint8_t[] array transform to NSString got (null)

I have no idea why the (char *)uint8_t array transform to NSString doesn't work.
ivString always is (null)
- (IBAction)encryptPacketBtnTouchDown:(id)sender {
NSString *key = #"1234567890123456";
NSData *plain = [plainMessage.text dataUsingEncoding:NSUTF8StringEncoding];
uint8_t initialisationVector[16];
arc4random_buf(initialisationVector, 16);
NSString* ivString = [NSString stringWithUTF8String:(char *)initialisationVector];
NSData *cipherData = [plain AES128EncryptWithKey:key iv:ivString];
[asyncSocket writeData:cipherData withTimeout:-1.0 tag:0];
NSString* cipherString = [[NSString alloc] initWithBytes:[cipherData bytes]
length:[cipherData length]
encoding:NSASCIIStringEncoding];
}
cipherData NSData * 0x1edaf3a0 16 bytes
cipherString NSString * 0x00000000
initialisationVector uint8_t [16]
ivString NSString * 0x00000000
key NSString * 0x000d28c4 #"1234567890123456"
plain NSData * 0x1ed80760 9 bytes
P.S.
NSString* ivString = [[NSString alloc] initWithBytes:initialisationVector
length:16
encoding:NSUTF8StringEncoding];
This also won't works. Still got (null)
The method I am calling is :
- (NSData *)AES128Operation:(CCOperation)operation key:(NSString *)key iv:(NSString *)iv
{
char keyPtr[kCCKeySizeAES128 + 1];
memset(keyPtr, 0, sizeof(keyPtr));
[key getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSUTF8StringEncoding];
char ivPtr[kCCBlockSizeAES128 + 1];
memset(ivPtr, 0, sizeof(ivPtr));
[iv getCString:ivPtr
maxLength:sizeof(ivPtr)
encoding:NSUTF8StringEncoding];
NSUInteger dataLength = [self length];
size_t bufferSize = dataLength + kCCBlockSizeAES128;
void *buffer = malloc(bufferSize);
size_t numBytesCrypted = 0;
CCCryptorStatus cryptStatus = CCCrypt(operation,
kCCAlgorithmAES128,
kCCOptionPKCS7Padding,
keyPtr,
kCCBlockSizeAES128,
ivPtr,
[self bytes],
dataLength,
buffer,
bufferSize,
&numBytesCrypted);
if (cryptStatus == kCCSuccess) {
return [NSData dataWithBytesNoCopy:buffer length:numBytesCrypted];
}
free(buffer);
return nil;
}
- (NSData *)AES128EncryptWithKey:(NSString *)key iv:(NSString *)iv
{
return [self AES128Operation:kCCEncrypt key:key iv:iv];
}

Finally, I got the answer!
I just need treat the uint8_t[] array as a char[] array. Then, transform the char[] array to NSString by below line:
NSString* ivString = [NSString stringWithCString:initialisationVector encoding:NSASCIIStringEncoding];
Result is:
ivString NSString * 0x1d8489c0 #"¹U ¡hÌTÖÆáβÍ"

Can't decrypt the AES cipher text

Edit2
This problem have been solved.The answer is about my other question.And thanks for Hot Licks.
------- Edit separate------------------------------------------------
Edit1: I am sure my ciphertext and my key is correct. Because my workmate decrypt it with C++ and get no problem.By the way, it is ECB mode.
I work very hard on this problem for a week,but I still can't solve it.I really do not know what to do now.
I am developing a cocoa Application，and My server return a ciphertext that encrypt by AES to me.I must decrypt this ciphertext for some information to go next step.
My ciphertext is:
NSString *aesString = #"8DFE2F9A9384573FA0FFAE17C3BEF4CC2BA056CC5CBBFAB57AC78C83AF4EF8A48EA1728D904E87613845377821E01E07CC6C9DEA35516DC595421E0FFC7CAA7A19671E713BB74D84D1DD4FB2C972DD8FACF5D74AD32662E992EA13D2417ABCAEE4137098322394BA76BADBAF4C1DB344704BBF9ED8A1513FF4B2E766526C98A2808B7AE67D1866CB9B489764E70662B1499D8D467A8817D1304AAB8F92EBDDD3E871CC1374CAE96A1428F0C2AFCB3F43E705CDD7649BDE5A363D59125980D0ACBBE32879B96AB15E93F74C08D435B787A8EE734E2773E16AE8F4CB4A5DDAD989F92CF1C609F0F8B81FEDB67F974AE583548B13C86B6FE1925A33A47CBDA8ED54C20F2D8020650BA7FABBF8CBAC00493B6DE423880EF1A1AF8CDDC457C064CD6150AA30D34456E422EA707C313C7FBB428CE1C4E534EA8EDD8C21B62D526522606E6944C4058E631DAFC6F9A539F9A4DFD8AFECCEF51A8A4904A3EFA0A76F3CA55AB56C726B0787D9EBB261CA91F5ABBF985096B327A6269399AC11A23CAFB0B3A6B3FB4AA357FC1644C89B7DEE396C51AF734738E598B765B2384EB8931F4B65D9F4B6C73EE3F1F6C5AA17871D14335153E4058AB9BC0FCAD35DBDB924D00B0A71B985E20CDF530FA5479E2DD8F14D269CE59DA365BAC03FCCB037963E7E3F175A09DD7EFC66E450DF5A16E7233EA55009E4891EF238D003D5837F077C12167428AD19D3DA45D569AA252D5FFD736E134AD3B5654FD82506822BE9B78731C9CA5EE56685153E657E8B385013FF14BBE5A1F5938801E94FE498495C2D94C84A937E1C36A4667A16DFECED471C3902B4B3D1DAA9F2C72A09AF736EF51EBE39F0006667D60DDC9EC20C5C29CC8933E5FB9E293560DB6B152DF4864BD9CF02B0D40D5B24D0326F1D7E251A0CBC692B68FA37212A57F34588D18D6F4F7E59D997A8C4B5E452FE883645B90BD7EE3A4B38754616CA7A9D430620036DBEAD2EC03BEBB5C69E92F9A33951C22E83E68DD85350C7";
and my key is:
NSString *key = #"810B16E3541EF7A4";
I use nicerobot'answer to decrypt my ciphertext and try many other ways. I hope somebody can tell me what to do next.

Convert your encrypted string text to an NSData object using the following code.
NSData* stringData = [encryptedStringText dataUsingEncoding:NSUTF8StringEncoding];
Create the category shown below for NSData and then use it to AES decrypt the NSData content.
NSData* unencryptedData = [stringData AES256DecryptWithKey:keyText];
Convert your NSData object to an NSString.
NSString* unencryptedStringText = [NSString stringWithUTF8String:[unencryptedData bytes]];
#pragma mark -
#pragma mark NSData Encryption Category
// ---------------------------------------------------------
// NSData Category to add Encryption
// ---------------------------------------------------------
#interface NSData (NSDataAESEncryption)
- (NSData *)AES256EncryptWithKey:(NSString *)key;
- (NSData *)AES256DecryptWithKey:(NSString *)key;
#end
#implementation NSData (NSDataAESEncryption)
- (NSData *)AES256EncryptWithKey:(NSString *)key {
char keyPtr[kCCKeySizeAES256+1];
bzero(keyPtr, sizeof(keyPtr));
[key getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSUTF8StringEncoding];
NSInteger dataLength = [self length];
size_t bufferSize = dataLength + kCCBlockSizeAES128;
void *buffer = malloc(bufferSize);
size_t numBytesEncrypted = 0;
CCCryptorStatus cryptStatus = CCCrypt(kCCEncrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
keyPtr, kCCKeySizeAES256,
NULL ,
[self bytes], dataLength,
buffer, bufferSize,
&numBytesEncrypted);
if (cryptStatus == kCCSuccess) {
return [NSData dataWithBytesNoCopy:buffer length:numBytesEncrypted];
}
free(buffer);
return nil;
}
- (NSData *)AES256DecryptWithKey:(NSString *)key {
char keyPtr[kCCKeySizeAES256+1];
bzero(keyPtr, sizeof(keyPtr));
[key getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSUTF8StringEncoding];
NSInteger dataLength = [self length];
size_t bufferSize = dataLength + kCCBlockSizeAES128;
void *buffer = malloc(bufferSize);
size_t numBytesDecrypted = 0;
CCCryptorStatus cryptStatus = CCCrypt(kCCDecrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
keyPtr, kCCKeySizeAES256,
NULL ,
[self bytes], dataLength,
buffer, bufferSize,
&numBytesDecrypted);
if (cryptStatus == kCCSuccess) {
return [NSData dataWithBytesNoCopy:buffer length:numBytesDecrypted];
}
free(buffer);
return nil;
}
#end

AES accepts an initialization vector. What are you using for that?
If the data is in Hex or Base64, I don't see enough bits in your key for AES-128 (the shortest kind). If the key is the Ascii text of the hex string, that would be 128 bits but that seems a bit hokey. Such things happen but it would not be my first choice.
AES encrypts in multiple, not completely compatible modes, CBC and ECB are two I have worked with.
Anyway, I monkeyed around with this for fifteen minutes and I can’t get anything out of that but trash. I have to agree with HotLicks who suggested that you start with an encrypt/decrypt that runs within the same program.
Good luck,
/Bob Bryan

Try this
+ (NSData *)doCipher:(NSData *)dataIn
iv:(NSData *)iv
key:(NSData *)symmetricKey
context:(CCOperation)encryptOrDecrypt // kCCEncrypt or kCCDecrypt
error:(NSError **)error
{
CCCryptorStatus ccStatus = kCCSuccess;
size_t cryptBytes = 0;
NSMutableData *dataOut = [NSMutableData dataWithLength:dataIn.length + kCCBlockSizeAES128];
ccStatus = CCCrypt( encryptOrDecrypt,
kCCAlgorithmAES128,
0, //kCCOptionPKCS7Padding,
symmetricKey.bytes,
kCCKeySizeAES128,
iv.bytes,
dataIn.bytes,
dataIn.length,
dataOut.mutableBytes,
dataOut.length,
&cryptBytes);
if (ccStatus == kCCSuccess) {
dataOut.length = cryptBytes;
}
else {
if (error) {
*error = [NSError errorWithDomain:#"kEncryptionError"
code:ccStatus
userInfo:nil];
}
dataOut = nil;
}
return dataOut;
}