I have a NSString like #"123456". I want to convert this string into byte array and then I want to shift some bytes using some arithmetic operations. Then I want to apply SHA256Hash on that and finally want to encrypt a string using the final result. I have tried many approaches but still got no success. I am very confused in this.If someone wants to look at code i'll post the code.
Edit:
My actual goal is to encrypt an string using AES256 encryption algorithm. And I want to generate my own key and I want to pass my own IV.
I assume you're trying achieve some kind of security. On the other hand it does not look like you're very familiar with the tools and methods you're using. This is a bad start.
Security is a very difficult thing to do—even for experienced developers. Maybe there's a way to reuse some existing implementation for your security needs.
My advice would be not to reinvent things, especially when they are as hard and as crucial as security.
Related
For reference I only know python so that's what I've been working with.
I've recently been looking into making my own hashing algorithm to further my understanding on how they work, I'm not looking into creating the most cryptographically secure hashing algorithm, just something that is a bit more secure than validating passwds in plain-text.(in other words I don't care if this algorithm has copious amounts of collisions.
From what I understand about hash functions is that they use ???? to obfuscate the input password. Where I'm getting caught up is how the function takes a user input, like "password1" and translates that into numbers the system can work with, then, what exact methods do they use to obfuscate them?
Apologies if this is a stupid question but I cant find any material on this that isn't way beyond my understanding or basic enough where they gloss over what happens inside the hash algorithm.
I am searching for a way to encrypt a file via AES using Swift in my Cocoa Applications.
As far as I can see the common frameworks (i.e. CryptoSwift) are supposed to encrypt text only.
Is there a specific framework for this job or is there any kind of macOS built in method for this?
Thanks!
Yes, using CommonCrypto is a good start. I would not recommend using any homegrown implementations however.
Doing security right is hard, AES is no exception to this.
You need to use a proper key of the correct length ( 64 or 32 bytes preferred )
You need to use padding ( I recommend PKCS7 ) in case your data is shorter than the blocksize / keysize. AES is not secure on its own and this bit is important.
You also really want to use an initializationVector, ( either appendend or prepended to the final data stream ) since otherwise it would be possible for an attacker to draw correlations between several encrypted streams from the same key
You should also make use of a HMAC ( SHA2-256 and up, also available in commoncrypto ) in order to prevent tampering with your encrypted data and giving you unexpected and potentially harmful result data.
The list goes on, but my memory fails me at this point since It has been a while since I needed to create an implementation.
I would highly recommend googling around for a standard implementation that wraps around CommonCrypto.
I would also suggest that using anything that is written as is ( I.E. CryptoSwift ) is not recommended as the codebase isn't proven and went through proper vetting like Apple's frameworks are.
If I have the original and encrypted string how can I find out the encryption method?
for example I have original string 0812388140 and the encoded one B2BCxW1tnHkzEfMfJM888Q==.
If the encryption algorithm is secure (like any of the most supported ones is) you cannot: they are designed to make the encrypted text appear as random data, so none of them leaves a 'signature' that will hint you.
Think about it this way: The cryptosystem is a "black box machine". You can put in a string, and you get out a string at the other end. You're not allowed to look inside. What you're asking is really how can I tell the inner workings of the black box by looking at what comes out when a single string is fed to the box? Clearly, you cannot do this.
You cannot find-out the algorithm by simply looking at the encrypted result.
I was discussing this with some friends and we began to wonder about this. Could someone gain access to URLs or other values that are contained in the actual objective-c code after they purchase your app?
Our initial feeling was no, but I wondered if anyone out there had definitive knowledge one way or the other?
I do know that .plist files are readily available.
Examples could be things like:
-URL values kept in a string
-API key and secret values
Yes, strings and information are easily extractable from compiled applications using the strings tool (see here), and it's actually even pretty easy to extract class information using class-dump-x (check here).
Just some food for thought.
Edit: one easy, albeit insecure, way of keeping your secret information hidden is obfuscating it, or cutting it up into small pieces.
The following code:
NSString *string = #"Hello, World!";
will produce "Hello, World!" using the strings tool.
Writing your code like this:
NSString *string = #"H";
string = [stringByAppendingString:#"el"];
string = [stringByAppendingString:#"lo"];
...
will show the characters typed, but not necessarily in order.
Again: easy to do, but not very secure.
When you purchase an app it is saved on your hard disk as "FooBar.ipa"; that file is actually in Zip format. You can unzip it and inspect the contents, including searching for strings in the executable. Try it! Constant values in your code are not compressed, encrypted, or scrambled in any way.
I know this has already been answered, but I want to give my own suggestion too.
Again, please remember that all obfuscation techniques are never 100% safe, and thus are not the best, but often they are "good enough" (depending on what you want to obfuscate). This means that a determined cracker will be able to read your strings anyways, but these techniques may stop the "casual cracker".
My other suggestion is to "crypt" the strings with a simple XOR. This is incredibly fast, and does not require any authorization if you are selling the app through the App Store (it does not fall into the categories of algorithms that require authorization for exporting them).
There are many snippets around for doing a XOR in Cocoa, see for example: http://iphonedevsdk.com/forum/iphone-sdk-development/11352-doing-an-xor-on-a-string.html
The key you use could be any string, be it a meaningless sequence of characters/bytes or something meaningful to confuse readers (e.g. use name of methods, such as "stringWithContentsOfFile:usedEncoding:error:").
I am looking for checksum algorithm written in obj-c so that I can validate a ticket(number) and generate 2Dbar code based on validation.
Any ideas on how to achieve this?
Thanks
Sounds like you can use a public-key cryptographic function.
Encrypt with the private key fixed length information, including a number (the real ticket number) and a random salt (to reduce the chance of someone cracking your key), into a fixed length output.
You can then use the public key to decode that output and verify that the information is there.
Here is some Apple sample code that demonstrates the use of cryptographic functions.
For 2D barcode code, you could start by looking at ZXing