AES128 Encryption using PBKDF2 is not same for Java and iOS End

Question

chinmaykumardas8 OP

Created Jul ’16

Replies 3

Boosts 0

Views 3.9k

Participants 4

AES128 Encryption using PBKDF2 in Java End:

Generate Salt

public String genSalt() {

SecureRandom r = new SecureRandom();

byte[] output = new byte[16];

r.nextBytes(output);

return output.toString();

}

Generate Secrete Key

public SecretKey PBDKF2(String salt) throws Exception {

PBEKeySpec ks = new PBEKeySpec(encryptString.toCharArray(), salt.getBytes(), 1000, 128);

SecretKeyFactory skf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");

SecretKey secret = new SecretKeySpec(skf.generateSecret(ks).getEncoded(), "AES");

return secret;

}

Generate Encrypted String:

public String encrypt(String value) {

try {

String newSalt = genSalt();

SecretKey key = PBDKF2(newSalt);

/

Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5PADDING");

cipher.init(Cipher.ENCRYPT_MODE, key);

/

byte[] encrypted = cipher.doFinal(value.getBytes());

String safeData = new String(Base64.encodeBase64(encrypted));

return safeData;

} catch (Exception ex) {

ex.printStackTrace();

}

return null;

}

============================

AES128 Encryption using PBKDF2 in iOS End:

Generate Salt

-(NSString *) randomStringWithLength: (int) len {

NSMutableString *randomString = [NSMutableString stringWithCapacity: len];

NSString *letters = @"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";

for (int i=0; i<len; i++) {

[randomString appendFormat: @"%C", [letters characterAtIndex: arc4random_uniform([letters length])]];

}

return randomString;

}

Generate Secrete Key

- (NSData *)AESKeyForPassword:(NSString *)password

{

NSString *saltKey =[self randomStringWithLength:16];

NSData *keyData = [password dataUsingEncoding:NSUTF8StringEncoding];

NSData *salt = [saltKey dataUsingEncoding:NSUTF8StringEncoding];

uint rounds = 1000;

uint keySize = kCCKeySizeAES128;

NSMutableData *derivedKey = [NSMutableData dataWithLength:keySize];

CCKeyDerivationPBKDF(kCCPBKDF2, /

keyData.bytes, /

keyData.length, /

salt.bytes, /

salt.length, /

kCCPRFHmacAlgSHA1, /

rounds, /

derivedKey.mutableBytes, /

derivedKey.length); /

return derivedKey;

}

Generate Encrypted String:

- (NSString *)encryptedDataForDatapassword:(NSString *)password

error:(NSError **)error {

NSData *data = [self dataUsingEncoding:NSUTF8StringEncoding];

NSData *key = [self AESKeyForPassword:password];

size_t outLength;

NSMutableData *

cipherData = [NSMutableData dataWithLength:data.length +

kAlgorithmBlockSize];

CCCryptorStatus

result = CCCrypt(kCCEncrypt, /

kAlgorithm, /

kCCOptionPKCS7Padding, /

key.bytes, /

key.length, /

/(*iv).bytes*/NULL,/

data.bytes, /

data.length, /

cipherData.mutableBytes, /

cipherData.length, /

&outLength); /

if (result == kCCSuccess) {

cipherData.length = outLength;

}

else {

if (error) {

*error = [NSError errorWithDomain:kRNCryptManagerErrorDomain

code:result

userInfo:nil];

}

return nil;

}

NSString *encryptedString = [cipherData base64EncodedStringWithOptions:kNilOptions];

return encryptedString;

}

==============

I have implemented same logic in both end. But don’t know why both encrypted string are not same. I notice that it is not working for the large text. Please give me a solution.

Answer 1

DTS Engineer OP

Apple

Jul ’16

I don’t have time to look at your code right now but I can point you at the CryptoCompatibility sample code, which shows how to use iOS and macOS crypto APIs in a way that generates the same results as other common crypto frameworks (specifically, OpenSSL and Java).

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Answer 2

Mangesh OP

Jan ’17

Hi Chinmay,

Did you find any thing relavant to this,Any solution?

Any help/information appriciate.

Thanks

Answer 3

vinod2vin OP

Jun ’18

Hi , Did you find a solution for this ? Me too facing the same issue