Comments (11)

guysung commented on June 28, 2024

Could I just change the line 9 in the encrypt.php like below?

From

$key_size = 32;  

To

$key_size = 16;

I am looking forward to hearing from you.
Thanks much.

from rncryptor.

rnapier commented on June 28, 2024

That should be sufficient, though the iOS version wouldn't be able to read it (though MGCryptor could). Is there a reason you want to use a 128-bit key?

from rncryptor.

vsymguysung commented on June 28, 2024

It's a long story.

I was using RNCryptor1.1 and PHP 5.2.14.

First, I couldn't find a right PBKDF2 implementation in PHP, so I just used a pre-generated 128-bit key hardcoded on both the iOS and PHP sides (kRNCryptorKey) as a temporary solution. I don't even know whether this current temporary implementation is good or not. (Any recommendation or example for a PBKDF2 implementation in PHP 5.2.14, so that I can use only the salt and number of iterations?) I tried a lot of examples for implementing PBKDF2 from Stack Overflow, but those did not work.

Finally, the reason I selected a 128-bit key is that it is the only way I was able to implement encryption in iOS and decryption in PHP successfully.
Now I am looking for a method to encrypt in PHP and decrypt in iOS, so I just want the same bit key for both.

I want to share my implementation for the encrypt in iOS and decrypt in PHP and hear from you.
Any code reviews would be very appreciated.

RNCryptor settings

static const RNCryptorSettings kRNCryptorAES256Settings = {
    .algorithm= kCCAlgorithmAES128,
    .mode = kCCModeCBC,
    .keySize = kCCKeySizeAES128,
    .blockSize = kCCBlockSizeAES128,
    .IVSize = kCCBlockSizeAES128,
    .padding = ccPKCS7Padding,
    .saltSize = 8,
    .PBKDFRounds = 10000,
    .HMACAlgorithm = kCCHmacAlgSHA1,
    .HMACLength = CC_SHA1_DIGEST_LENGTH,
};

iOS encryption code snippet.

 // Start AES128 encryption
 // NSData *key = [[self.cryptor class] randomDataOfLength:kCCKeySizeAES128];
 // To create the kRNCryptorKey, I use the above line.
        NSData *key = [NSData dataFromBase64String:kRNCryptorKey];
        NSData *IV = [[self.cryptor class] randomDataOfLength:kCCBlockSizeAES128];
        DebugLog(@"Key: %@", key); DebugLog(@"IV: %@", IV);

        NSInputStream *encryptInputStream = [NSInputStream inputStreamWithData:srcData];
        NSOutputStream *encryptOutputStream = [NSOutputStream outputStreamToMemory];

        [self.cryptor performOperation:kCCEncrypt
                            fromStream:encryptInputStream
                          readCallback:nil
                              toStream:encryptOutputStream
                         writeCallback:nil
                         encryptionKey:key
                                    IV:IV
                            footerSize:0
                                footer:nil
                                 error:&error];

        [encryptOutputStream close];
        [encryptInputStream close];

        NSData *encryptedData = [encryptOutputStream propertyForKey:NSStreamDataWrittenToMemoryStreamKey];
        DebugLog(@"encryptedData: %@", encryptedData);

        // Do Base64 encoding for AES128 encrypted data
        NSString *encryptedDataBase64 = [encryptedData base64EncodedString];
        DebugLog(@"encryptedDataBase64: %@", encryptedDataBase64);

        // Attach IV to the encrypted data as a header.
        NSString *encryptedDataBase64WithIVHeader = [NSString stringWithFormat:@"%@%@", [IV base64EncodedString], encryptedDataBase64];
        DebugLog(@"encryptedDataBase64 plus IV header: %@", encryptedDataBase64WithIVHeader);

        //If no error we send the post, voila!
        if (!error) {
            NSMutableDictionary *params = [[NSMutableDictionary alloc] init];
             // Post encrypted
            [params setObject:encryptedDataBase64WithIVHeader forKey:@"JSON-Encrypted-Base64"];       

            // Do Post!
            [[RKClient sharedClient] post:postResourcePath params:params delegate:self];   
        }

PHP decryption code snippet.

function decrypt_data($data, $key) {

    $key = base64_decode($key);

    $cypher = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, '');

    // Retrieve $iv which is the first 22 characters plus ==, base64_decoded.
    $iv = substr($data, 0, IV_SIZE + sizeof('==')); //print'iv:'; print($iv); 
    $iv = base64_decode($iv);

    // Remove $iv from $data.
    $data = substr($data, IV_SIZE + sizeof('==')); //print'data:'; print($data); 
    $data = base64_decode($data);

    // initialize encryption handle
    if (mcrypt_generic_init($cypher, $key, $iv) != -1) {

            // decrypt
            $decrypted = mdecrypt_generic($cypher, $data);

            // http://www.php.net/manual/en/function.mdecrypt-generic.php
            // We found that sometimes the resulting padding is not null characters "\0" but rather one of several control characters.
            // If you know your data is not supposed to have any trailing control characters "as we did" you can strip them like so.
            $decrypted = preg_replace( "/\p{Cc}*$/u", "", $decrypted );  

            // clean up
            mcrypt_generic_deinit($cypher);
            mcrypt_module_close($cypher);

            return trim($decrypted);
    }   

    return false;

}

from rncryptor.

vsymguysung commented on June 28, 2024

I've just noticed you have a hash_pbkdf2() function in the encrypt.php file. Is this hash_pbkdf2() compatible with RNCryptor version 1.1 and PHP 5.2?

from rncryptor.

rnapier commented on June 28, 2024

hash_pbkdf2() is compatible with RNCryptor (it's the standard PBKDF2 algorithm, so is compatible with every implementation). I don't know specifically which versions of PHP it is designed for.

from rncryptor.

vsymguysung commented on June 28, 2024

I've just tested it; it works with RNCryptor 1.1 and PHP 5.2.
Thanks much for the work again.

from rncryptor.

rnapier commented on June 28, 2024

In your code, you're stripping the HMAC. This is a critical part of securing AES. Without an HMAC, an attacker can in some cases modify your ciphertext to cause it to decrypt to a different value.

You're also not checking padding correctly; you're just stripping "control characters." The padding should never be null characters; it should also be a byte indicating the number of padding characters (PKCS#7 padding).

There's no reason to use RNCryptor if you're going to strip most of its security features. The basic CCCrypt() call would take less code, and that's all you're wrapping here.

from rncryptor.
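
Added example (not from the thread and not RNCryptor code): a PHP decrypt routine that performs the two checks described in the comment above, verifying an HMAC before decrypting and validating PKCS#7 padding strictly instead of stripping control characters. The message layout, the function names, the use of HMAC-SHA256 and the requirement of PHP 7+ with the openssl extension are assumptions made for this sketch; it does not implement the RNCryptor data format.

```php
<?php
// Added example, not RNCryptor code. Assumed layout (hypothetical, NOT the
// RNCryptor data format): IV (16) || AES-128-CBC ciphertext || HMAC-SHA256 (32).
const IV_LEN = 16;
const TAG_LEN = 32;
const BLOCK = 16;

// Strict PKCS#7: the last byte N must be 1..16 and the final N bytes must all equal N.
function pkcs7_unpad($padded) {
    $len = strlen($padded);
    if ($len === 0 || $len % BLOCK !== 0) return false;
    $n = ord($padded[$len - 1]);
    if ($n < 1 || $n > BLOCK) return false;
    if (substr($padded, -$n) !== str_repeat(chr($n), $n)) return false;
    return (string) substr($padded, 0, $len - $n);
}

function encrypt_authenticated($plain, $encKey, $macKey) {
    $iv = random_bytes(IV_LEN);
    $ct = openssl_encrypt($plain, 'aes-128-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    $body = $iv . $ct;
    return $body . hash_hmac('sha256', $body, $macKey, true); // MAC covers IV and ciphertext
}

// Returns the plaintext string, or false if the message was altered or malformed.
function decrypt_authenticated($message, $encKey, $macKey) {
    if (strlen($message) < IV_LEN + BLOCK + TAG_LEN) return false;
    $tag = substr($message, -TAG_LEN);
    $body = substr($message, 0, -TAG_LEN);
    // Verify the HMAC first, in constant time, before any decryption happens.
    if (!hash_equals(hash_hmac('sha256', $body, $macKey, true), $tag)) return false;
    $ct = substr($body, IV_LEN);
    if (strlen($ct) % BLOCK !== 0) return false;
    // OPENSSL_ZERO_PADDING disables OpenSSL's own unpadding so it is checked explicitly.
    $padded = openssl_decrypt($ct, 'aes-128-cbc', $encKey,
        OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, substr($body, 0, IV_LEN));
    return $padded === false ? false : pkcs7_unpad($padded);
}

// Constructed demo keys and message; separate keys for encryption and for the MAC.
$encKey = random_bytes(16);
$macKey = random_bytes(32);
$msg = encrypt_authenticated('{"user":"alice"}', $encKey, $macKey);
var_dump(decrypt_authenticated($msg, $encKey, $macKey));

// A copy with one ciphertext bit changed is rejected by the HMAC check.
$altered = $msg;
$altered[IV_LEN] = chr(ord($altered[IV_LEN]) ^ 1);
var_dump(decrypt_authenticated($altered, $encKey, $macKey));
```

Callers must compare the result with `=== false`, since an empty plaintext is a valid return value.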

vsymguysung commented on June 28, 2024

Thanks for your answer.
Do you have any example code for decrypting in PHP?
I know you did a good job on encrypting for PHP through the encrypt.php file.
Thanks always.

from rncryptor.

rnapier commented on June 28, 2024

I haven't written a PHP decrypt() yet. Issue #39

You can see the file format here if you want to create a decryptor. I'm
open to pull requests.

https://github.com/rnapier/RNCryptor/wiki/Data-Format

On Fri, Mar 1, 2013 at 11:31 AM, vsymguysung [email protected]:

Thanks for your answer.
Do you have any example codes for decrypting for PHP?
I know you did good job on encrypting for php through the encrypt.php file.
Thanks always.



Rob Napier -- Software and Security Consulting
Cocoaphony blog -- http://robnapier.net/blog
iOS Programming Pushing the Limits -- http://robnapier.net/book

from rncryptor.

vsymguysung commented on June 28, 2024

Actually, I would like to create a decryptor for PHP, but I really don't know how to parse the encrypted data on the PHP side, which is the posted value of [[CPCryptController sharedController].encryptedData base64EncodedString] from the iOS app. If you have a good starting point for this or any references, it will be very helpful.

This is another question. I bought the book called "Pushing the Limits" and read through chapter 11, but I don't see any chapter for HMAC.
I don't quite understand what the role of HMAC is in AES cryptography, so I couldn't imagine how the missing HMAC is vulnerable in AES. Could you help me understand the role of HMAC in AES? Or do you have any resources that I can learn from about HMAC and AES?

from rncryptor.

guysung commented on June 28, 2024

Hi Rob,
With some research, I was finally able to make a decryptor for PHP and understand what the HMAC is for.
I also made a pull request. Please feel free to comment on it.
Thanks much.

from rncryptor.
