Hey @rnapier,

I'm trying to refresh an old project by different developers who employed this library. However, it always seems to hang in the synchronousResultForCryptor:data:error: method. The semaphore there never seems to get signaled because the handler never seems to get called at all (i.e. https://github.com/RNCryptor/RNCryptor-objc/blob/master/RNCryptor/RNCryptor.m#L99-L122).

Am I missing some sort of dependency or configuration? I tried both with the old version originally in the project as well as the latest version here. I've spent several hours trying to figure this out and am really hoping you might have some ideas.

(For integration, I've tried the original grab-the-source-and-stick-it-in as well as Carthage. I noticed the Security framework is listed in the pod spec but assumed that would be automatically imported where a project generally needs it.)

Thanks in advance for your time in considering my little problem. 😄

P.S. I think I met you at a CocoaConf perhaps four or five years ago when you gave a talk on CoreText. I'm a native of Raleigh myself. 👍

So far, I've been able to encrypt and decrypt nicely in iOS using this RNCryptor lib. But, the trouble comes when decryption needs to happen outside of the iOS playground. Here's what I've tried so far:

password
asdfasdfasdfasdf

plaintext
{ "stuff": "here" }

NSData *encryptedData = [RNEncryptor encryptData:[@"{ \"stuff\": \"here\" }" dataUsingEncoding:NSUTF8StringEncoding]
                                            withSettings:kRNCryptorAES256Settings
                                                password:@"asdfasdfasdfasdf"
                                                   error:&error];

Using password and plaintext in the RNCryptor-objc encryption library I get:
cipher hex
03 01 59 fe 9e 5f f2 c2 05 58 ab 85 29 c5 a5 6f ad 27 5e e0 e8 a1 af f2 1f e4 e9 61 8b 25 44 1b ba ee e4 71 ef 95 e9 16 3b 59 53 a2 74 d9 23 00 57 1f a6 4f b9 ff 86 8d e6 ae 76 5a 4a 15 eb b8 d0 b4 bb 54 50 d0 76 3d 45 1c b5 c3 41 1f 1d 09 b8 97 6a ba 91 44 2e 1f f4 54 42 44 ce 59 b0 cc 0b 14 64 30

Break up cipher hex into parts below according to this format (https://github.com/RNCryptor/RNCryptor-Spec/blob/master/RNCryptor-Spec-v3.md):
——————
version (1 byte)
03

options (1 byte)
01

encryption salt (8 bytes)
59 fe 9e 5f f2 c2 05 58

HMAC salt (8 bytes)
ab 85 29 c5 a5 6f ad 27

IV (16 bytes)
5e e0 e8 a1 af f2 1f e4 e9 61 8b 25 44 1b ba ee

ciphertext (x bytes)
e4 71 ef 95 e9 16 3b 59 53 a2 74 d9 23 00 57 1f a6 4f b9 ff 86 8d e6 ae 76 5a 4a 15 eb b8 d0 b4 bb 54

HMAC (32 bytes)
50 d0 76 3d 45 1c b5 c3 41 1f 1d 09 b8 97 6a ba 91 44 2e 1f f4 54 42 44 ce 59 b0 cc 0b 14 64 30

—————————

Using PBKDF2 function with 32 byte length, 10k iterations, SHA-1, and encryption salt (above), generate an encryption key (http://anandam.name/pbkdf2/):

encryption key
d57972b596a34a18e201d2f6a301424dcf269ccc757e07f91765935af491aa68

Then, decrypt to plaintext using ciphertext, IV, and encryption key using third party AES decryption function (http://extranet.cryptomathic.com/aescalc/index):
Decrypted plaintext in hex
AD409D9EFE09B360B2B905A82C41CE67BD7D106095742BFF055891F8CE1D524EAB6EDC147F565796ED7AAF6F4E8A024A

Convert from hex to ASCII:
Decrypted plaintext in ASCII
@ žþ ³²¹¨,AÎg½}•t+ÿX‘øÎRN«nÜ VW–íz¯oNŠJ

Obviously, I'm missing something here, but I'm not sure what it is. Am I missing padding on the cipher hex and/or HMAC and/or ciphertext? Am I not generating the encryption key correctly?

Thanks for any help you can provide,
Steve Y

Hello!
I Have a aes256-string, generated with this site: https://encode-decode.com/aes256-encrypt-online/
How to decrypt it with this library?

The compiler tells me "Symbols not found for architecture arm64"

"OBJC_CLASS$_RNDecryptor", referenced from:
objc-class-ref
"OBJC_CLASS$_RNEncryptor", referenced from:
objc-class-ref
"_kRNCryptorAES256Settings", referenced from:

How can this be used with Carthage for an Objective-C project?

Hello, is there a way to encrypt an NSDictionary ?? thank for help @rnapier

0

I use the RNCrytpor in my IOS app to encrypt and when I try too decrypt in server side with PHP, sometimes that work and sometime not, I don't know why, I have no error information in PHP side.

This is my simple IOS code to encrypt (I try to encrypt the current Timestamp only for my test)

NSString *password = @"myPassword";
//ENCRYPT TEST

NSDate *date = [NSDate date];
NSTimeInterval ti = [date timeIntervalSince1970];
NSString *strTmSmp = [NSString stringWithFormat:@"%.0f",ti];


NSString *strKey = [NSString stringWithFormat:@"hello_%@",strTmSmp];

NSData *data = [strKey dataUsingEncoding:NSUTF8StringEncoding];
NSError *error;
NSData *encryptedData = [RNEncryptor encryptData:data
withSettings:kRNCryptorAES256Settings
  password:password
     error:&error];

NSString *keyValue = [encryptedData base64EncodedStringWithOptions:0];

NSDictionary *params = @{  @"key":  keyValue };

I use AfNetworking to POST my request

This is my simple PHP code to decrypt

$password = "myPassword";
$base64Encrypted = $_POST['key'];
$cryptor = new \RNCryptor\RNCryptor\Decryptor;
$plainText = @cryptor->decrypt($base64Encrypted,$password);
echo $plainText;

if someone can help me

Does RNCryptor-objc support GCM encryption? Fortify reports security issues for AES CBC.

See RNCryptor/RNCryptor#184

Can I use like this, I just need simple use and less params? But It is not work correct for me. The 'base64Encrypt' is not right.

const RNCryptorSettings kRNCryptorAES128Settings = {
    .algorithm = kCCAlgorithmAES128,
    .blockSize = kCCBlockSizeAES128,
    .IVSize = kCCBlockSizeAES128,
    .options = kCCOptionPKCS7Padding
};

    NSData *data = [@"Data" dataUsingEncoding:NSUTF8StringEncoding];
    NSError *error;
    NSData *encryptedData = [RNEncryptor encryptData:data
                                        withSettings:kRNCryptorAES128Settings
                                       encryptionKey:[@"15hcxttc3gas63st" dataUsingEncoding:NSUTF8StringEncoding]
                                             HMACKey:NULL
                                                  IV:[@"1234567890123456" dataUsingEncoding:NSUTF8StringEncoding]
                                               error:&error];
    
    NSString *base64Encrypt = [encryptedData base64EncodedStringWithOptions:0];

We are using RNCryptor-objc library in our project for the purpose of encryption/decryption. While running static analyser tool for maintaining best security practices in our project, we have found one critical issue reported by the tool. Below is the issue:

Issue: "CBC mode is vulnerable to padding oracle attacks. CTR mode is the superior choice because it does not have these weaknesses."

As per the Description of RNCryptor-objc, the library used CBC mode.

So, I want to ask, is there any CTR mode version available for us to use. And if not, is there any possibility that you guys add it here in the library.

Also, there is a link placed in the library which says, "Mode changes for RNCryptor" but the link is not working.

Please let us know if you can help here and add the required mode which will be safer to use. Thanks!

I try to use RNCryptor in my app like so:

In my project:
Cartfile: github "RNCryptor/RNCryptor-objc"
carthage update RNCryptor-objc
Add framework to "General / Linked frameworks and libraries"

In a class file:
#import <RNCryptor/RNCryptor.h>

When trying to build:
While building module 'RNCryptor' imported from /Users/udo/Documents/Xcode-Projects/aktiv/Tresor/Shared/TSCryptoKeys.m:11: In file included from <module-includes>:1: In file included from /Users/udo/Documents/Xcode-Projects/aktiv/Tresor/Carthage/Build/iOS/RNCryptor.framework/Headers/RNCryptor iOS.h:22: /Users/udo/Documents/Xcode-Projects/aktiv/Tresor/Carthage/Build/iOS/RNCryptor.framework/PrivateHeaders/RNCryptorEngine.h:29:9: fatal error: 'RNCryptor.h' file not found #import "RNCryptor.h" ^ 1 error generated.

What am I doing wrong?

Hello Rob,
Thank you very much for your effort in creating this brilliant library and spending time on maintaining it.
Could you please clarify the below question?
I have a bunch of audio files which are encrypted and stored in the server. The key is bundled with the client application.
Is it possible to use RNCryptor to decrypt the files during download, so that I can start playback before the file is completely downloaded?
I have gone through this discussion and as I understand, it is not supported, as of now.

Please share your thoughts on this.

Hi,
I got a problem when I decrypted my encrypted audio file, after called '[decryptor isFinished]', the problem would appear. The error is "HMAC Mismatch", but I have no idea to solve it.

`- (void)encryptionDidFinish {
if (self.encryptor.error) {
//---> code often comes here!!! I can't get correct audio file. <---\
self.encryptedData = nil;
self.encryptor = nil;
}
else {
// self.encryptedData is complete. Use it as you like
[self writeEncryptedData];
if ([self.delegate respondsToSelector:@selector(onEncryptionDidFinish)]) {
[self.delegate onEncryptionDidFinish];
}
self.encryptedData = nil;
self.encryptor = nil;
}

}`

How can I import this using SPM in a objc project? Seems like Package.swift file is missing

Hi Rob.

Enjoying your encryption framework. But with the latest release it appears you have removed the RNOpenSSL encrypt and decrypt files.

I was unable to decrypt a file encrypted via terminal with OpenSSL. I tried the Basic Objective-C Usage in your documentation.

Is it still possible to use openssl with the latest RNCryptor version?

/Philip Borges

Hello there,

Is there anyone who managed to use RNCryptor on an iOS 13 device ? if so what's the compatible version ?

I already replied with this in my issue asking about ObjC support in the Swift 5.0 RNCryptor, but the Swift one had decryption that happened synchronously. We need that in the ObjC version as well. I've temporarily done it in my local copy of the code but would defer to an appropriate implementation done in the style of the implementor.

Hi. @rnapier thank you for a job. I have a question. In my application I use UIWebVIew to view files (except images). UIWebVIew required data or link to the file. Data - not suitable for files can be quite large - so I can use NSOutputStream for decrypt - but in this case will need to create a local copy of the decrypted file (in a temp dir). Is there an alternative way, do not make copies of decrypted files?

Are you planning on adding it?

In the ios11 beta version, will report the following error: Conflicting types for 'SecRandomCopyBytes'
How can i solve it?

Hi
In the file RNEncryptor.m we have a security issue for code correctness.The snippet where issue is the method:
(NSData *)randomDataOfLength:(size_t)length
{
NSMutableData *data = [NSMutableData dataWithLength:length];

int result;
if (&SecRandomCopyBytes != NULL) {
result = SecRandomCopyBytes(NULL, length, data.mutableBytes);
}
Description: The issue is raised for &SecRandomCopyBytes i.e Because it is missing trailing parentheses, the expression on line 386 in RNCryptor.m refers to the value of a function pointer rather than the return value of the function.
Please suggest if the conecern is valid or not.

I can get the fileSize of a file at a path, like this:

NSData* file = [NSData dataWithContentsOfFile:path];
float fileSize = [file length];

Is there anyway to get the size of the file after it has been encrypted without actually encrypting it like this:

NSData *data = [NSData dataWithContentsOfFile:path];
NSData *encrypted_data = [RNCryptor encryptData:data password:password];

When encrypting/decrypting large files, in our case, the memory usage spikes to 1.5G and app quickly crashes. We found the problem to be caused by RNCryptorEngine:addData:error creating 48K NSData objects that are not released fast enough. The fix is pretty simple: to add @autoreleaseblock to the two functions that use RNCryptorEngine:addData:error:

RNEncryptor:

- (void)addData:(NSData *)data
{
    if (self.isFinished) {
        return;
    }
    
    dispatch_async(self.queue, ^{
        @autoreleasepool { // this fixes the memory issue
            if (!self.haveWrittenHeader) {
                NSData *header = [self header];
                [self.outData setData:header];
                if (self.hasHMAC) {
                    CCHmacUpdate(&self->_HMACContext, [header bytes], [header length]);
                }
                self.haveWrittenHeader = YES;
            }
            
            NSError *error = nil;
            NSData *encryptedData = [self.engine addData:data error:&error];
            if (!encryptedData) {
                [self cleanupAndNotifyWithError:error];
            }
            if (self.hasHMAC) {
                CCHmacUpdate(&self->_HMACContext, encryptedData.bytes, encryptedData.length);
            }
            
            [self.outData appendData:encryptedData];
            
            dispatch_sync(self.responseQueue, ^{
                self.handler(self, self.outData);
            });
            [self.outData setLength:0];
        }
    });
}

RNDecryptor:

- (void)decryptData:(NSData *)data
{
    dispatch_async(self.queue, ^{
        @autoreleasepool { // this fixes the memory issue
            if (self.hasHMAC) {
                CCHmacUpdate(&self->_HMACContext, data.bytes, data.length);
            }
            
            NSError *error = nil;
            NSData *decryptedData = [self.engine addData:data error:&error];
            
            if (!decryptedData) {
                [self cleanupAndNotifyWithError:error];
                return;
            }
            
            [self.outData appendData:decryptedData];
            
            dispatch_sync(self.responseQueue, ^{
                self.handler(self, self.outData);
            });
            [self.outData setLength:0];
        }
    });
}

Hi,

"If you can,you test this issue first !"

when i using "encryptData" many time,app opens too many mach port('top' command show me open ports - #PRTS field) - when open ports go over 4000 app crashed!

I am getting the above warning message in 6 places in the RNCryptor library. Full message is:

Pods/RNCryptor-objc/RNCryptor/RNDecryptor.m:169:21:
Block implicitly retains 'self'; explicitly mention 'self' to indicate this is intended behavior

Also found in:
RNDecryptor.m:312:20
RNEncryptor.m:202:23
RNEncryptor.m:213:21
RNEncryptor.m:236:21
RNEncryptor.m:238:20

Everything else with the library seems to be working great! (I'm just trying to get rid of all warnings in my project, whether from my code or not.)

Hi ,
I have issue in RNCryptor.m file
RNCryptor.m:61:12: Conflicting types for 'SecRandomCopyBytes'
I am using pod 'RNCryptor-objc' .
My App is crashing becasue fo this issue .
Please let me know when do we have fix for this.

Thanks,
Venkat

While writing at Podfile as pod 'RNCryptor-objc', '3.0.5', it gives error as below:

[!] Unable to satisfy the following requirements:

- `RNCryptor-objc (= 3.0.5)` required by `Podfile`

None of your spec sources contain a spec satisfying the dependency: `RNCryptor-objc (= 3.0.5)`.

You have either:
 * out-of-date source repos which you can update with `pod repo update` or with `pod install --repo-update`.
 * mistyped the name or version.
 * not added the source repo that hosts the Podspec to your Podfile.

Note: as of CocoaPods 1.0, `pod repo update` does not happen on `pod install` by default.

If writing without version as pod 'RNCryptor-objc' , it installs 3.0.2

I tried successfully your example code for working with streams. Using this library i can encrypt and decrypt files with the setting kRNCryptorAES256Settings.

But what setting is necessary to decrypt files, that were encrypted for instance with the "aes-256-cbc"-algorithm?

When i encrypt a file in the terminal with

openssl enc -aes-256-cbc -in m1010.jpg -out m1010.data

and decrypt this using RNDecryptor, the output is totally different and wrong.

Is there a list of corresponding settings available according to this library and those that are available in openssl? Thank you very much in advance

Hi,

I use rncryptor for encryption in python

rncryptor.encrypt(data, password)

and decrypt it in Objc:

[RNDecryptor decryptData:encryptedData
                                                    withPassword:aPassword
                                                           error:&error];

but error return Unknown header

I have checked password both side, and try for decrypt with python and it's works.

Hi,

We are getting fortify security issue in function + (NSData *)randomDataOfLength:(size_t)length on below line
if (&SecRandomCopyBytes != NULL) {

Description :

This expression will always be non-null because it references a function pointer rather than the return value of the function.

Example 1: The following conditional will never fire. The predicate getChunk == NULL will always be false because getChunk is the name of a function defined in the program.

if (getChunk == NULL)
return ERR;

Thanks,
Usman

I have run the penetrating security test on the iOS app found issue with RNEncryptor library.
pen test error : The binary may contain the following insecure API(s).

Following are the classes which used insecure api methods (memcpy)-

• RNCryptor.m (Line number 242, 275, 279, 282)

Could you provide a solution for this?
Please suggest if you have any alternative for it.

Hi Please
Kindly suggest me driod one image file encrypted using RNencryptorNative that file I will decrypt in RNEncryptor in ios.Is it possible if not why please exaplin

Thanks
Smily