Ad

String Encryption In Objective-C Decrypt In C#

- 1 answer

I am building a iPhone app which uses a c# web service. My iPhone app takes in some data and encrypts it and passes it to the web service. How do I decrypt the data in C#?

My iPhone app contains the following code:

NSString *pString = @"Some string to be encoded";
NSString *key = @"My encryption key";

NSData *pData = [pString dataUsingEncoding:NSUTF8StringEncoding];

pData = [pData AES256EncryptWithKey:key];
NSString *pID = [pData base64EncodedStringWithOptions:NSDataBase64Encoding76CharacterLineLength];

EDIT: The data is already stored in the web service so I can't readily change the encryption approach. The C# application is not on the server so there is no possibility of compromising the key.

I have tried the following C# code to decrypt the data:

    static string DecryptString(string encryptedText, string key)
    {
        byte[] encryptedString = Convert.FromBase64String(encryptedText);
        byte[] encryptionKey = Encoding.UTF8.GetBytes(key.Substring(0, 32));

        using (var provider = new AesCryptoServiceProvider())
        {
            provider.Mode = CipherMode.CBC;
            provider.Padding = PaddingMode.PKCS7;
            provider.Key = encryptionKey;
            using (var ms = new MemoryStream(encryptedString))
            {
                // Read the first 16 bytes which is the IV.
                byte[] iv = new byte[16];
                ms.Read(iv, 0, 16);
                provider.IV = iv;

                using (var decryptor = provider.CreateDecryptor())
                {
                    using (var cs = new CryptoStream(ms, decryptor, CryptoStreamMode.Read))
                    {
                        using (var sr = new StreamReader(cs))
                        {
                            return sr.ReadToEnd();
                        }
                    }
                }
            }
        }
    }

However, I get the following exception:

System.Security.Cryptography.CryptographicException was unhandled
HResult=-2146233296 Message=Padding is invalid and cannot be removed.

The encryptedText received by DecryptString is 80 bytes in length.

Ad

Answer

The sample ObjC code uses by default CBC modem, PKCS#7 padding and a default iv of 16 0x00 bytes.

The C# also uses CBC mode and PKCS#7 padding. The decryption code expects a 16-byte iv pre-pended to the encrypted data and that does not exist.

byte[] iv = new byte[16];
ms.Read(iv, 0, 16);
provider.IV = iv;

This needs to be changed so that iv is set to an array of 16 0x00 bytes and the ms.Read(iv, 0, 16) statement needs to be deleted so the decrypt function gets all of the encrypted data.

Notes:

  1. Using a devault anything in encryption is a bad idea, always provide the correect length data.

  2. Authentication of the encrypted data needs should be added so that it can be determined if there an incorrect key or the data has been tampered with.

  3. There really should be a version number and a random IV used and prepended to the encrypted so you should really consider correcting this. This demonstrates why a version number generally needs to be provided and used.

RNCryptor covers the above issues.

The handling of the encryption key also needs to be considered so that is is as secure as necessary.

Ad
source: stackoverflow.com
Ad