ios - Process to encrypt a 128 bit string -
ok. stuck on encryption. walk me through process of how encrypt string using aes 128bit key, cbc, pkcs7padding, base64 format? new encryption bear me here. have posted questions in past relate previous 3rd party libraries none have worked me. if provide me sample code , briefly explain process appreciated. thanks.
for find errors and/or ommisions please either add commwent , revise or edit post directly.
aes 128bit key, cbc, pkcs7padding, base64
- aes: encryption method (advanced encryption standard)
- 128 bit: key length in bits (16 bytes).
- cbc: encryption mode (cipher block chaining)
- pkcs7padding: adding bytes data encrypted make data multiple of block size
- base64: encoding of 8-bit data printable characters. nothing encryption many times used encryption
- block: aes encrypts data block (16 bytes) @ time
- iv: seed value encryption modes including cbc (initialization vector)
needed "aes, 128bit key, cbc, pkcs7padding"
encryption:
- data: 8-bit bytes (any number)
- key: 16 8-bit bytes (exactly)
- iv: 16 8-bit bytes (exactly)
the encryption uses these inputs create encrypted output of 8-bit bytes length longer input due padding create exact multiple of block size. make output data @ least 1 byte longer input.
the output raw bytes, not ascii or unicode encoding. in many cases result must printable characters , base64 encoded achieve that. base64 encoding makes data longer.
decryption:
if data in base64 format decode raw bytes
- data: 8-bit bytes
- key: 16 8-bit bytes (exactly)
- iv: 16 8-bit bytes (exactly)
the output raw 8-bit data bytes, encrypted. if encryption input data ascii or unicode encoding output also.
that there it. difficulties getting 3 items (data,key , iv) exactly same.
many crypto packages accept keys , iv short (or missing in iv case) , pad them necessary length somehow. non-standard , causes problems. easy way around supply values correct length. these data, 8-bit bytes, not strings, if have strings convert data. when comparing data, key , iv hex dumps only. if correxctly encryption/decryption just work.
there couple of other issues:
the key , iv must known both sides (encryption & decryption). key provided 1 side other through separate communications, perhaps snail-mail. iv shared , need not secret, in fact can sent encrypted data.
the key needs , of correct length. in case password function used make longer in non-reversible manner. should not fast. current best practice use pbkdf2 (password based key derivation function) function iteration count. older code tended use simple hash (md5 or sha-*) no longer should used in new work.
apple provided apis in common crypto encryption , key derivation , nsdata base64 encoding.
for free pdf of execelent book handbook of applied cryptography
Comments
Post a Comment