Comments (11)
Could I just change the line 9 in the encrypt.php like below?
From

    $key_size = 32;

To

    $key_size = 16;
I am looking forward to hearing from you.
Thanks much.
from rncryptor.
That should be sufficient, though the iOS version wouldn't be able to read it (though MGCryptor could). Is there a reason you want to use a 128-bit key?
from rncryptor.
It's a long story.
I was using RNCryptor 1.1 and PHP 5.2.14.
First, I couldn't find a right PBKDF2 implementation in PHP, so I just used a pre-generated 128-bit key hardcoded on both the iOS and PHP sides (kRNCryptorKey) as a temporary solution; I don't even know whether this current temporary implementation is good or not. (Any recommendation or example for a PBKDF2 implementation in PHP 5.2.14, so that I can use only the salt and the number of iterations?) I tried a lot of examples for implementing PBKDF2 from Stack Overflow, but those did not work.
Finally, the reason I selected a 128-bit key is that it is the only way I was able to implement encryption in iOS and decryption in PHP successfully.
Now I am looking for a method to encrypt in PHP and decrypt in iOS, so I just want the same bit-size key for both.
I want to share my implementation for the encrypt in iOS and decrypt in PHP and hear from you.
Any code reviews would be very appreciated.
RNCryptor settings

    static const RNCryptorSettings kRNCryptorAES256Settings = {
        .algorithm = kCCAlgorithmAES128,
        .mode = kCCModeCBC,
        .keySize = kCCKeySizeAES128,
        .blockSize = kCCBlockSizeAES128,
        .IVSize = kCCBlockSizeAES128,
        .padding = ccPKCS7Padding,
        .saltSize = 8,
        .PBKDFRounds = 10000,
        .HMACAlgorithm = kCCHmacAlgSHA1,
        .HMACLength = CC_SHA1_DIGEST_LENGTH,
    };
iOS encryption code snippet.

    // Start AES128 encryption
    // NSData *key = [[self.cryptor class] randomDataOfLength:kCCKeySizeAES128];
    // To create the kRNCryptorKey, I use the above line.
    NSData *key = [NSData dataFromBase64String:kRNCryptorKey];
    NSData *IV = [[self.cryptor class] randomDataOfLength:kCCBlockSizeAES128];
    DebugLog(@"Key: %@", key);
    DebugLog(@"IV: %@", IV);
    NSInputStream *encryptInputStream = [NSInputStream inputStreamWithData:srcData];
    NSOutputStream *encryptOutputStream = [NSOutputStream outputStreamToMemory];
    [self.cryptor performOperation:kCCEncrypt
                        fromStream:encryptInputStream
                      readCallback:nil
                          toStream:encryptOutputStream
                     writeCallback:nil
                     encryptionKey:key
                                IV:IV
                        footerSize:0
                            footer:nil
                             error:&error];
    [encryptOutputStream close];
    [encryptInputStream close];
    NSData *encryptedData = [encryptOutputStream propertyForKey:NSStreamDataWrittenToMemoryStreamKey];
    DebugLog(@"encryptedData: %@", encryptedData);
    // Do Base64 encoding for AES128 encrypted data
    NSString *encryptedDataBase64 = [encryptedData base64EncodedString];
    DebugLog(@"encryptedDataBase64: %@", encryptedDataBase64);
    // Attach IV to the encrypted data as a header.
    NSString *encryptedDataBase64WithIVHeader = [NSString stringWithFormat:@"%@%@", [IV base64EncodedString], encryptedDataBase64];
    DebugLog(@"encryptedDataBase64 plus IV header: %@", encryptedDataBase64WithIVHeader);
    // If no error we send the post, voila!
    if (!error) {
        NSMutableDictionary *params = [[NSMutableDictionary alloc] init];
        // Post encrypted
        [params setObject:encryptedDataBase64WithIVHeader forKey:@"JSON-Encrypted-Base64"];
        // Do Post!
        [[RKClient sharedClient] post:postResourcePath params:params delegate:self];
    }
PHP decryption code snippet.

    function decrypt_data($data, $key) {
        $key = base64_decode($key);
        $cypher = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, '');
        // Retrieve $iv, which is the first 22 characters plus "==", base64-decoded.
        // IV_SIZE is a constant defined elsewhere in the poster's code (not shown here).
        // strlen() replaces sizeof(): sizeof('==') counts the string as 1 element, not 2 characters.
        $iv = substr($data, 0, IV_SIZE + strlen('==')); //print'iv:'; print($iv);
        $iv = base64_decode($iv);
        // Remove $iv from $data.
        $data = substr($data, IV_SIZE + strlen('==')); //print'data:'; print($data);
        $data = base64_decode($data);
        // initialize encryption handle
        if (mcrypt_generic_init($cypher, $key, $iv) != -1) {
            // decrypt
            $decrypted = mdecrypt_generic($cypher, $data);
            // http://www.php.net/manual/en/function.mdecrypt-generic.php
            // We found that sometimes the resulting padding is not null characters "\0" but rather one of several control characters.
            // If you know your data is not supposed to have any trailing control characters "as we did" you can strip them like so.
            $decrypted = preg_replace( "/\p{Cc}*$/u", "", $decrypted );
            // clean up
            mcrypt_generic_deinit($cypher);
            mcrypt_module_close($cypher);
            return trim($decrypted);
        }
        return false;
    }
from rncryptor.
I've just noticed you have a hash_pbkdf2() function in the encrypt.php file. Is this hash_pbkdf2() compatible with RNCryptor version 1.1 and PHP 5.2?
from rncryptor.
hash_pbkdf2() is compatible with RNCryptor (it's the standard PBKDF2 algorithm, so is compatible with every implementation). I don't know specifically which versions of PHP it is designed for.
from rncryptor.
I've just tested it; it works with RNCryptor 1.1 and PHP 5.2.
Thanks much for the work again.
from rncryptor.
In your code, you're stripping the HMAC. This is a critical part of securing AES. Without an HMAC, an attacker can in some cases modify your ciphertext to cause it to decrypt to a different value.
You're also not checking padding correctly; you're just stripping "control characters." The padding should never be null characters; it should also be a byte indicating the number of padding characters (PKCS#7 padding).
There's no reason to use RNCryptor if you're going to strip most of its security features. The basic CCCrypt() call would take less code, and that's all you're wrapping here.
from rncryptor.
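The two checks described in the comment above (verify the HMAC before decrypting, then validate PKCS#7 padding instead of stripping control characters), as an added example that is not part of the thread or of RNCryptor's code. The message layout, the two separate keys and the function names are assumptions for illustration, not RNCryptor's data format; it needs PHP 7+ with the openssl extension.

```php
<?php
// Added example. Assumed layout (NOT RNCryptor's format):
//   IV (16 bytes) || AES-128-CBC ciphertext || HMAC-SHA256 (32 bytes)
const IV_LEN = 16;
const MAC_LEN = 32;
const BLOCK_LEN = 16;

function seal($plaintext, $encKey, $macKey) {
    $iv = random_bytes(IV_LEN);
    // With OPENSSL_RAW_DATA alone, OpenSSL adds PKCS#7 padding itself.
    $ct = openssl_encrypt($plaintext, 'aes-128-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    // Encrypt-then-MAC: the tag covers the IV and the ciphertext.
    return $iv . $ct . hash_hmac('sha256', $iv . $ct, $macKey, true);
}

function pkcs7_unpad($padded) {
    $len = strlen($padded);
    if ($len === 0 || $len % BLOCK_LEN !== 0) return false;
    $n = ord($padded[$len - 1]);                 // last byte = pad length
    if ($n < 1 || $n > BLOCK_LEN) return false;
    // Every one of the last $n bytes must equal $n.
    if (substr($padded, -$n) !== str_repeat(chr($n), $n)) return false;
    return substr($padded, 0, $len - $n);
}

function open_sealed($msg, $encKey, $macKey) {
    if (strlen($msg) < IV_LEN + BLOCK_LEN + MAC_LEN) return false;
    $body = substr($msg, 0, -MAC_LEN);
    $tag  = substr($msg, -MAC_LEN);
    // Check the tag first, in constant time; nothing is decrypted on mismatch.
    if (!hash_equals(hash_hmac('sha256', $body, $macKey, true), $tag)) return false;
    $iv = substr($body, 0, IV_LEN);
    $ct = substr($body, IV_LEN);
    // OPENSSL_ZERO_PADDING returns the padded plaintext so we validate it ourselves.
    $padded = openssl_decrypt($ct, 'aes-128-cbc', $encKey,
                              OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv);
    return $padded === false ? false : pkcs7_unpad($padded);
}

// Constructed demo data.
$encKey = random_bytes(16);
$macKey = random_bytes(32);
$msg = seal('{"amount":100}', $encKey, $macKey);
var_dump(open_sealed($msg, $encKey, $macKey));
// Flip one bit of the IV: CBC alone would decrypt this to altered plaintext
// with valid padding; here the MAC check refuses it.
$tampered = $msg;
$tampered[0] = $tampered[0] ^ "\x01";
var_dump(open_sealed($tampered, $encKey, $macKey));
```

Callers must compare the result with `=== false`, since an empty plaintext is a valid return value.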
Thanks for your answer.
Do you have any example code for decrypting in PHP?
I know you did a good job on encrypting for PHP through the encrypt.php file.
Thanks always.
from rncryptor.
I haven't written a PHP decrypt() yet. Issue #39
You can see the file format here if you want to create a decryptor. I'm open to pull requests.
https://github.com/rnapier/RNCryptor/wiki/Data-Format
On Fri, Mar 1, 2013 at 11:31 AM, vsymguysung wrote:
> Thanks for your answer.
> Do you have any example code for decrypting in PHP?
> I know you did a good job on encrypting for PHP through the encrypt.php file.
> Thanks always.
Rob Napier -- Software and Security Consulting
Cocoaphony blog -- http://robnapier.net/blog
iOS Programming Pushing the Limits -- http://robnapier.net/book
from rncryptor.
Actually, I would like to create a decryptor for PHP, but I really don't know how to parse the encrypted data on the PHP side, which is the posted value of [[CPCryptController sharedController].encryptedData base64EncodedString] from the iOS app. If you have a good starting point for this or any references, it will be very helpful.
This is another question. I bought the book called "Pushing the Limits" and read through chapter 11, but I don't see any chapter on HMAC.
I don't quite understand what the role of HMAC is in AES cryptography, so I couldn't imagine how the missing HMAC makes AES vulnerable. Could you help me understand the role of HMAC in AES?
Or do you have any resources that I can learn from about HMAC and AES?
from rncryptor.
Hi Rob,
With some research, I was finally able to make a decryptor for PHP and understand what the HMAC is for.
I also made a pull request. Please feel free to comment on it.
Thanks much.
from rncryptor.