[php] Convert encrypted data to string?

[thehellsoul]

I need to send encrypted data as string to server.
I tried :
let encryptedString = NSString(data: encryptedData, encoding: NSUTF8StringEncoding)
println(encryptedString)
but the result is nil
So can you add a function to convert encrypted data to string?

[krzyzanowskim]

It is not much related to CryptoSwift, more stackoverflow question.

Anyway, depends what format is expected by your server you may expect different result. It may be Base64, or hex representation of bytes.

• base64:

    let base64String = data.base64EncodedStringWithOptions(NSDataBase64EncodingOptions.allZeros)

• hex representation by reading hexString property on NSData defined in NSDataExtension.

    let hexString = data.hexString

[bradleybernard]

The format of this

let base64String = data.base64EncodedStringWithOptions(NSDataBase64EncodingOptions.allZeros)

is not the same as PHP's function base64encode()... do you know anything about that? How to match it up to PHP function would be awesome. Would help alot thanks!

[krzyzanowskim]

for the same input data, base64 output have to be the same. Are you sure input data is the same?

[bradleybernard]

Yes I am sure the input data is the same. The PHP function always returns two == at the end of the string while iOS produces only one = at the end of the string. It also worries me because iOS has options for base64 encoding while PHP doesn't

[krzyzanowskim]

It looks like input to base64 encryption methods are different, but if you say it's not... I don't know. Actually I'm not familiar if there is difference between iOS and PHP in regard of Base64. I would recommend double check encryption output result.

[bradleybernard]

Yes I will double check, I have another question though. Is the AES example provided AES-256? It just says aes.encrypt but how do I know its 256? I know nothing about encryption stuff...

[bradleybernard]

The PHP side is AES-256 that is why I'm asking.

[krzyzanowskim]

256 (bits) is length of the key. If you key is 32 bytes long, then it's AES-256.

[bradleybernard]

So if PHP and iOS have a 16 character key then they should both still product same output? I have 16 chars instead of 32. I am doing this to create a key:

iOS
var keyStr = String("abcdefghijklmnop")
let keyData = NSData.withBytes(UInt8)

PHP
Crypt::setKey("abcdefghijklmnop");
Crypt::encrypt("data")

[krzyzanowskim]

16 bytes long key is for AES-128. I don't know how "Crypt" class is working, couldn't find it on php documentation site.

[bradleybernard]

Sorry I forgot to include I am using a PHP framework called Laravel. Here is docs on Crypt class:

https://github.com/laravel/framework/blob/4.2/src/Illuminate/Encryption/Encrypter.php

[bradleybernard]

I might be doing something wrong on PHP side

[krzyzanowskim]

This PHP class doesn't just do AES encryption. It is doing a much more by constructing actual message.
"padAndMcrypt()" (which is protected method) is padding and encryption, while "encrypt()" is doing much more, see https://github.com/laravel/framework/blob/4.2/src/Illuminate/Encryption/Encrypter.php#L53

if you need to replicate this output format you have to handle it on iOS by yourself.

[bradleybernard]

But isn't the crypto swift padding too? The option to add padding can be turned on to match that encryption on PHp?

Sent from my iPhone

On Feb 1, 2015, at 1:30 PM, Marcin Krzyzanowski [email protected] wrote:

This PHP class doesn't just do AES encryption. It is doing a much more by constructing actual message.
"padAndMcrypt()" (which is protected method) is padding and encryption, while "encrypt()" is doing much more, see https://github.com/laravel/framework/blob/4.2/src/Illuminate/Encryption/Encrypter.php#L53

if you need to replicate this output format you have to handle it on iOS by yourself.

—
Reply to this email directly or view it on GitHub.

[krzyzanowskim]

it is, just php encrypt() is doing much more, is calculating MAC, creating JSON, combine IV and cipher result, then this all is encoded with base64

    public function encrypt($value)
    {
        $iv = mcrypt_create_iv($this->getIvSize(), $this->getRandomizer());
        $value = base64_encode($this->padAndMcrypt($value, $iv));
        // Once we have the encrypted value we will go ahead base64_encode the input
        // vector and create the MAC for the encrypted value so we can verify its
        // authenticity. Then, we'll JSON encode the data in a "payload" array.
        $mac = $this->hash($iv = base64_encode($iv), $value);
        return base64_encode(json_encode(compact('iv', 'value', 'mac')));
    }

[bradleybernard]

Ok thanks for the help! I will attempt what you stated in making the IV random. I am very happy that you showed me how to do all of this.

[bradleybernard]

Ok good news! I believe I got it :D

Swift: https://gist.github.com/bradbernard/2a7af4c2200cb3794768
PHP: https://gist.github.com/bradbernard/7789c2dd8d17c2d8304b

Sigh of relief! You are awesome.

[krzyzanowskim]

thats good, you made it! awsome. Have a good week.

[bradleybernard]

Thanks! You too :D

Sent from my iPhone

On Feb 2, 2015, at 1:32 AM, Marcin Krzyzanowski [email protected] wrote:

week, not weekend :-)

—
Reply to this email directly or view it on GitHub.

[tlarevo]

@krzyzanowskim and @bradbernard, thanks a lot for the awesome library and providing code samples for php and Swift 👍 .

However I found few issues on the Swift code and using other related resources I found, I've updated the code for latest version of CryptoSwift and made some improvements as well. If you find anything wrong, you are more than welcome to let me know :)

I'm posting it here for anyone who comes here looking for answers.

Swift: PHP compatible Swift AES Encryption using CryptoSwift
PHP: Swift compatible PHP AES Encryption using mcrypt

Thank you

[xhuliohasa]

Hello,
I am using cryptoSwift and I want to encrypt text using a key with 32 bytes,

this is my encrypt function

public func Encrypt(plainText text:String, plainText key:String)->String{

    let secretKey = utilityClass.cipher(key)
    let kkey:String = secretKey;
    let key = [UInt8] (kkey.utf8);
    let iiv:String = secretKey;
    let iv = [UInt8] (iiv.utf8);


    do {

        let encryptedBytes: [UInt8] = try! text.encrypt(AES(key: key, iv: iv))

        let toBase64 = NSData(bytes: encryptedBytes).base64EncodedStringWithOptions(NSDataBase64EncodingOptions.Encoding64CharacterLineLength)
        return toBase64
    }

}

}

and i get an error like this "Block size and Initialization Vector must be the same length!"

I know there is a problem with the bytes because it requires a key with 16 bytes but please can you help me how to fix this?

[krzyzanowskim]

@xhuliohasa it may be everything, but you did not show us input data. this is crucial. Please make sure that IV is in the right size of AES.blockSize

[xhuliohasa]

how do i assign it because i'm new in swift and it's crypting, i know this is a beginner's question but please help me

[teppotk]

Thank you @krzyzanowskim for these clarifications. However, these examples are from 2015 and now in 2017 I believe much has changed in CryptoSwift and Swift.

For example, from your code on Feb 2, 2015, the following line doesn't work at all anymore:

let decryptedTryData = Cipher.AES(key: keyData, iv: ivData, blockMode: .CBC).decrypt(encryptedStrData)

Xcode claims Cipher.AES is not available or something to that effect.

Could you produce an similar example with BASE64 decoding and all that uses the "try AES()" way of doing this, which I guess is a more current form in CryptoSwift?

Something like this I guess:
let decryptedTryData = try! AES(key: keyDataStr, iv: ivDataStr, blockMode: .CBC, padding: PKCS7()).decrypt(encryptedStrDataNSData)

I tried putting in your code from FEB 2, 2015, but Xcode doesn't accept much of it anymore, force-modifies it and I'm not sure if it's working as planned after all those Xcode syntax modifications. Also thus a clean modern example would be very much appreciated.

Thank you in advance.

[teppotk]

In particular with live-data and my modifications, I'm getting this error, or nils:

CryptoSwift.AES.Error.DataPaddingRequired

[krzyzanowskim]

@teppotk look at README, check Playground it's all there.

[teppotk]

@krzyzanowskim Thanks, I've actually got things working pretty well in Swift with my own test data, but not with actual data that I have incoming. The problem comes when incoming string has 16 bytes of IV included in the beginning. Once I get that subrange out from the beginning, the rest i.e. the message, doesn't decrypt anymore. CryptoSwift complains about padding error. Since there's no .padding attribute anymore (I believe), I've tried creating my own padding algorithm, but I don't think it works as it should as output is garbled and doesn't decrypt right.

This case is not shown in the current README I believe. Would it be possible to add IV subrange removal + padding handling somewhere in the README?

This particular example below is probably what I'd need. But this old code (again from FEB 2, 2015) goes all red in Xcode and doesn't work anymore:

    func decrypt(transferData:NSData, keyData:NSData) -> String {
        let ivData = transferData.subdataWithRange(NSRange(location: 0, length: AES.blockSizeBytes()))
        let encryptedData = transferData.subdataWithRange(NSRange(location: AES.blockSizeBytes(), length: transferData.length - AES.blockSizeBytes()))

        let aes = AES(key: keyData, iv: ivData, blockMode: .CBC) // CBC is default
        let decryptedData = Cipher.AES(key: keyData, iv: ivData, blockMode: .CBC).decrypt(encryptedData)
        let decryptedString = NSString(data: decryptedData!, encoding: NSUTF8StringEncoding)!
        return decryptedString
    }

    func encrypt(plaintextData:NSData, keyData:NSData) -> NSData {
        let ivData:NSData = Cipher.randomIV(keyData)
        let cipherdata = Cipher.AES(key: keyData, iv: ivData, blockMode: .CBC).encrypt(plaintextData)
        let transferData = NSMutableData(data: ivData)
        transferData.appendData(cipher data!
        return transferData
    }


    // KEY and IV
    var strTest = "data"
    var keyStr = "abcdefghijklmnop"

    let keyData = keyStr.dataUsingEncoding(NSUTF8StringEncoding, allowLossyConversion: false)!
    let ivData:NSData = Cipher.randomIV(keyData)

    let encrypted = encrypt(strTest.dataUsingEncoding(NSUTF8StringEncoding)!, keyData)
    let decrypted = decrypt(encrypted, keyData)
    println(decrypted)

[ferdinandharmaputra]

Please help,in my case im not using IV and keyStr just convert string this is my code:

var strTest = "asdfasdf"
var keyStr = ""
var ivStr = ""

    let plaintextData = strTest.data(using: .utf8)!
    // KEY and IV
    let keyData = keyStr.data(using: .utf8)!
    let ivData:NSData = ivStr.data(using: .utf8)! as NSData //Cipher.randomIV(keyData)
    // Encrypt
    let cipherdata = Cipher.AES(key: keyData, iv: ivData, blockMode: .CBC).encrypt(plaintextData)
    
    if let cipherdata = cipherdata {
        let aes = AES(key: keyData, iv: ivData, blockMode: .CBC) // CBC is default
        let decryptedData = Cipher.AES(key: keyData, iv: ivData, blockMode: .CBC).decrypt(cipherdata)
        let decryptedString = NSString(data: decryptedData!, encoding: NSUTF8StringEncoding)!
        let base64String = cipherdata.base64EncodedStringWithOptions(NSDataBase64EncodingOptions.Encoding64CharacterLineLength)
        print(base64String)
    }

but in this line:
let cipherdata = Cipher.AES(key: keyData, iv: ivData, blockMode: .CBC).encrypt(plaintextData)
shown error "Type 'Cipher' has no member 'AES'"

and this line too:
let aes = AES(key: keyData, iv: ivData, blockMode: .CBC) // CBC is default
Shown error "Type of expression is ambiguous without more context"

please help

[krzyzanowskim]

@ferdinandharmaputra you cannot "not use IV" in CBC mode.
The code u attached is insecure, you basically expose your key, don't use it.

I believe there is an AES example in README, did you try it?

[ferdinandharmaputra]

I did

this is my code

do {
var encryptor = try AES(key: encryptKeyData, blockMode: .CBC, padding: PKCS7())

        var ciphertext = Array<UInt8>()
        // aggregate partial results
        ciphertext += try encryptor.encrypt(Array(data))
        // finish at the end

// ciphertext += try encryptor.makeEncryptor().finish()

        print(ciphertext.toHexString())
    } catch {
        print(error)
    }

but still difference with what backend and android team expected

my android team use this

private static SecretKeySpec generateMySQLAESKey(String key, String encoding) {
try {
byte[] finalKey = new byte[16];
int i = 0;
for(byte b : key.getBytes(encoding))
finalKey[i++%16] ^= b;
return new SecretKeySpec(finalKey, "AES");
} catch(UnsupportedEncodingException e) {
throw new RuntimeException(e);
}
}

but I get stuck to converted as swift 3.2