ios - Objective C encryption code not working like Android AES 256, md5 encryption -


i encrypting text send server using "aes256/pkcs5padding/ecb" encryption. following code android works encrypted data decrypted in nodejs server.

public static string encryptaes_java_node(string content, string key) {                 byte[] input;               string query = null;               try {                      input = content.getbytes("utf-8");                        messagedigest md = messagedigest.getinstance("md5");                      byte[] thedigest = md.digest(key.getbytes("utf-8"));                      secretkeyspec skc = new secretkeyspec(thedigest,                                   "aes/ecb/pkcs5padding");                      cipher cipher = cipher.getinstance("aes/ecb/pkcs5padding");                      cipher.init(cipher.encrypt_mode, skc);                        byte[] ciphertext = newbyte[cipher.getoutputsize(input.length)];                      int ctlength = cipher.update(input, 0, input.length, ciphertext, 0);                      ctlength += cipher.dofinal(ciphertext, ctlength);                        query = base64.encodetostring(ciphertext, base64.default);                                    } catch (unsupportedencodingexception e) {                      // todo auto-generated catch block                      e.printstacktrace();               } catch (nosuchalgorithmexception e) {                      // todo auto-generated catch block                      e.printstacktrace();               } catch (nosuchpaddingexception e) {                      // todo auto-generated catch block                      e.printstacktrace();               } catch (invalidkeyexception e) {                      // todo auto-generated catch block                      e.printstacktrace();               } catch (illegalblocksizeexception e) {                      // todo auto-generated catch block                      e.printstacktrace();               } catch (shortbufferexception e) {                      // todo auto-generated catch block                      e.printstacktrace();               } catch (badpaddingexception e) {                      // todo auto-generated catch block                      e.printstacktrace();               }               return query;          }

here code in objc

(nsstring *)encrypttext:(nsstring *)rawtext withkey:(nsstring *)key {     // 'key' should 32 bytes aes256, null-padded otherwise     char keyptr[kcckeysizeaes256+1]; // room terminator (unused)     bzero(keyptr, sizeof(keyptr)); // fill zeroes (for padding)       nsdata *rawdata = [rawtext datausingencoding:nsutf8stringencoding];      //convert hash     nsstring *md5key = [self md5string:key];      // fetch key data     [md5key getcstring:keyptr maxlength:sizeof(keyptr) encoding:nsutf8stringencoding];      nsuinteger datalength = [rawdata length];      //see doc: block ciphers, output size less or     //equal input size plus size of 1 block.     //that's why need add size of 1 block here     size_t buffersize = datalength + kccblocksizeaes128;     void *buffer = malloc(buffersize);      size_t numbytesencrypted = 0;     cccryptorstatus cryptstatus = cccrypt(kccencrypt, kccalgorithmaes128, kccoptionpkcs7padding + kccoptionecbmode,                                           keyptr, kcckeysizeaes256,                                           null /* initialization vector (optional) */,                                           [rawdata bytes], datalength, /* input */                                           buffer, buffersize, /* output */                                           &numbytesencrypted);     if (cryptstatus == kccsuccess) {         //the returned nsdata takes ownership of buffer , free on deallocation         nsdata *tempdata  = [nsdata datawithbytesnocopy:buffer length:numbytesencrypted];         nsstring* encrypted64 = [tempdata base64encodedstringwithoptions:0];//even have tried base 64 encding other options available         return encrypted64;     }      free(buffer); //free buffer;     return nil; }

am making mistake while converting key md5 done in android?

adding code decryption in nodejs service reference.

var decipher = crypto.createdecipher('aes-128-ecb', encryption_key);              chunks = []             chunks.push( decipher.update( new buffer(fullbuffer, "base64").tostring("binary")) );             chunks.push( decipher.final('binary') );             var txt = chunks.join("");             txt = new buffer(txt, "binary").tostring("utf-8");  // encryption_key = key, fullbuffer input , txt output

md5 produces 16-byte result.

the java see key , use aes128 uses 16-byte key. better explicitly specify key size in java version using: "aes/ecb/nopadding (128)".

the ios version explicitly specifying aes256 uses 32-byte key , null pad 16-byts 32-bytes.

in ios version change encryption aes16: kcckeysizeaes128.

there security issues:

  1. using md5 create key string not secure, current practice use key derivation function such pbkdf2 iteration count , random salt passed pre-pended encrypted data.

  2. ecb mode not secure, better use cbc mode random iv , pre-pend iv encrypted data.

    but if security not important md5 , ecb fine.


Comments

Post a Comment

Popular posts from this blog

node.js - Using Node without global install -

i'm working on few node & electron (atom shell) projects , i'm curious how them work without user having install node globally. i've seen few applications including node directory in project contains node.exe binary. how go setting node project use binary? edit: thought should add, i've searched everywhere answer this, unrelated results.
Read more

How to access a php class file from PHPFox framework into javascript code written in simple HTML file? -

i've website developed using phpfox v3.0.7 . now i'm trying implement 'sse(server sent events)' 1 of php files. reference i'm giving below necessary code part of file. file titled process.class.php , present @ location /var/www/module/notification/include/service/process.class.php present on server having ip http://34.124.40.142/ . <?php /** * [phpfox_header] */ header('content-type: text/event-stream'); header('cache-control: no-cache'); defined('phpfox') or exit('no dice!'); /** * * * @copyright [phpfox_copyright] * @author raymond benc * @package phpfox_service * @version $id: service.class.php 67 2009-01-20 11:32:45z raymond_benc $ */ class notification_service_process extends phpfox_service { /** * class constructor */ public function __construct() { $this->_stable = phpfox::gett('notification'); } public function add($...
Read more

java - Null response to php query in android, even though php works properly -

Image
table i'm trying retrieve above data using 2 php files below. want pass email parameter , return bets user = email. work fine when tested advanced rest client, problem not php. however, when try through android 2 java classes below, null pointer exception (logcat below) , json object returned null. i'm not sure error is, think i'm not passing parameter php , that's why it's producing null response. logcat 05-31 15:10:50.227 26074-26074/com.example.albert.betterapp e/androidruntime﹕ fatal exception: main process: com.example.albert.betterapp, pid: 26074 java.lang.runtimeexception: unable start activity componentinfo{com.example.albert.betterapp/com.example.albert.betterapp.displayallbets}: java.lang.nullpointerexception @ android.app.activitythread.performlaunchactivity(activitythread.java:2292) @ android.app.activitythread.handlelaunchactivity(activitythread.java:2350) @ android.app.activitythread.acce...
Read more