Now I want to encrypt or decrypt some data in object-c use DES algorithm ,can somebody give me some suggestion?
First point. AES has replaced DES as the de-facto encrpytion standard, at least for the banking industry.
Second Point: Irrespective of what algo you decide on, this is what you have to do.
Add the Security.framework to your project.
Import the "CommonCrypto/CommonCryptor.h" file. This contains all the interfaces for symmetric encryption.
Using the methods in this class, you can define your encryption algo (AES, DES, etc.), the key size, padding that you want to use, etc.
You have to option of a one-shot API for encryption/decryption (CCCrypt()) or more advanced options if needed.
Hope this helps. Let me know if you need any particular information.
A code sample can be found in How to encrypt an NSString in Objective C with DES in ECB-Mode?
As the referring topic describes, you will have to keep in mind that DES uses a 56-bit (7 bytes) key and 64-bit (8 bytes) blocks.
Although DES is symmetric you will have to decrypt data by providing the kCCDecrypt option to the CCCrypt function.
Related
I am searching for a way to encrypt a file via AES using Swift in my Cocoa Applications.
As far as I can see the common frameworks (i.e. CryptoSwift) are supposed to encrypt text only.
Is there a specific framework for this job or is there any kind of macOS built in method for this?
Thanks!
Yes, using CommonCrypto is a good start. I would not recommend using any homegrown implementations however.
Doing security right is hard, AES is no exception to this.
You need to use a proper key of the correct length ( 64 or 32 bytes preferred )
You need to use padding ( I recommend PKCS7 ) in case your data is shorter than the blocksize / keysize. AES is not secure on its own and this bit is important.
You also really want to use an initializationVector, ( either appendend or prepended to the final data stream ) since otherwise it would be possible for an attacker to draw correlations between several encrypted streams from the same key
You should also make use of a HMAC ( SHA2-256 and up, also available in commoncrypto ) in order to prevent tampering with your encrypted data and giving you unexpected and potentially harmful result data.
The list goes on, but my memory fails me at this point since It has been a while since I needed to create an implementation.
I would highly recommend googling around for a standard implementation that wraps around CommonCrypto.
I would also suggest that using anything that is written as is ( I.E. CryptoSwift ) is not recommended as the codebase isn't proven and went through proper vetting like Apple's frameworks are.
Is it 'safe' to store cipher parameters in the (unencrypted) header of an encrypted file? Is there anything (other than the key of course!) that shouldn't be stored/transmitted in the clear?
You are using a symmetric encryption, where storing the blocksize, blockmode and keysize would be safe, since you don't (mustn't) make keys available as you stated.
But all such params are in general useful to attackers. If the file cannot easily be associated with a cipher and used params (or the software respectively), an attacker would have considerably more work to do and that's what encryption basically is for. A cipher is secure, while (and because) everyone can see how it works. Additionally trying to hide some information can also add some security.
AES has a fixed block size of 128bits, which itself is not a critical information, knowing of AES itself already. So this one is not needed inside the file header.
The keysize is given by the key itself, so it can be left out too.
The blockmode is the remaining parameter. Just never use ECB. Permanently use a single blockmode like OCB and you don't need to store it in the file aswell.
Predefining all params at both sides is a solution, if you don't intend to change them per file.
Error checking can be done using checksums, which are also critical information, so you may encrypt them together with the data or provide them together with the key.
Perhaps, following approaches can help if you have to transmit the params anyway:
Transmit params in the key file, if you're up to define the format yourself and the keys were distributed on a per file basis.
You could also define different settings by mapping them to some randomly defined enumerators, which don't provide valuable information without knowing the software.
I have read the header of CommonCryptor.h, and only I can find kCCAlgorithmAES128
But there are a few answer in SO stating it can, e.g.
AES Encryption for an NSString on the iPhone
Anyone can answer?
You can always use OpenSSL on iPhone, and that does support AES 256.
That being said, kCCAlgorithmAES128 means a block length of 128, not key length. According to this example code (found in this answer) you simply need to use kCCKeySizeAES256 for the keyLength parameter to get support for 256 bit keys.
Recently I discovered a category of NSData (also NSString) which implements AES en-/decryption. Maybe this is helpful to crypt any kind of data:
Adding methods to NSData and NSString using categories to provide AES256 encryption on iOS
But it seems to have an implementation issue, which makes it incompatible with openSSL.
--
Another useful like might be Properly encrypting with AES with CommonCrypto. To support 256 bit keys just change the kCCKeySizeAES128 to 256.
--
Last but not least this tread looks promising: Decode OpenSSL AES256 string in iOS
If you goto http://www.opensource.apple.com/source/CommonCrypto/CommonCrypto-36064/CommonCrypto/CommonCryptor.h and search AES256 on the page you will find the key size as 256 ,192,128 so yes it does support AES256 encryption.
I have a NSString like #"123456". I want to convert this string into byte array and then I want to shift some bytes using some arithmetic operations. Then I want to apply SHA256Hash on that and finally want to encrypt a string using the final result. I have tried many approaches but still got no success. I am very confused in this.If someone wants to look at code i'll post the code.
Edit:
My actual goal is to encrypt an string using AES256 encryption algorithm. And I want to generate my own key and I want to pass my own IV.
I assume you're trying achieve some kind of security. On the other hand it does not look like you're very familiar with the tools and methods you're using. This is a bad start.
Security is a very difficult thing to do—even for experienced developers. Maybe there's a way to reuse some existing implementation for your security needs.
My advice would be not to reinvent things, especially when they are as hard and as crucial as security.
I am looking for checksum algorithm written in obj-c so that I can validate a ticket(number) and generate 2Dbar code based on validation.
Any ideas on how to achieve this?
Thanks
Sounds like you can use a public-key cryptographic function.
Encrypt with the private key fixed length information, including a number (the real ticket number) and a random salt (to reduce the chance of someone cracking your key), into a fixed length output.
You can then use the public key to decode that output and verify that the information is there.
Here is some Apple sample code that demonstrates the use of cryptographic functions.
For 2D barcode code, you could start by looking at ZXing