How to encrypt with AES 256 CBC in Objective C

Question

I am building an iPhone app which gets a encrypt string and sent it to backend.

In PHP I am encrypting the string like this:

$encrypt_method = "AES-256-CBC";
$secret_key = 'This is my secret key';
$secret_iv = 'This is my secret iv';

// hash
$key = hash('sha256', $secret_key);

// iv - encrypt method AES-256-CBC expects 16 bytes - else you will get a warning
$iv = substr(hash('sha256', $secret_iv), 0, 16);

if( $action == 'encrypt' ) {
    $output = openssl_encrypt($string, $encrypt_method, $key, 0, $iv);
    $output = base64_encode($output);
}

How I do the same like that but in Objective C

Answer 1

Thanks Nirav Kotecha for your answer.

I ended up using CrytoSwift and Add Extension class NSString and String to call it.

Answer 2

#import <CommonCrypto/CommonCryptor.h>

#define key @"YOUR_KEY"
#define iv @"YOUR_IV"

- (NSData *) cryptOperation:(CCOperation)operation
{
    // 'key' should be 32 bytes for AES256, will be null-padded otherwise
    char keys[kCCKeySizeAES256 + 1];
    [key getCString:keys maxLength:sizeof(keys) encoding:NSUTF8StringEncoding];
    // Perform PKCS7Padding on the key.
    unsigned long bytes_to_pad = sizeof(keys) - [key length];
    if (bytes_to_pad > 0)
    {
        char byte = bytes_to_pad;
        for (unsigned long i = sizeof(keys) - bytes_to_pad; i < sizeof(keys); i++)
            keys[i] = byte;
    }
    NSUInteger dataLength = [self length];
    //See the doc: For block ciphers, the output size will always be less than or
    //equal to the input size plus the size of one block.
    //That's why we need to add the size of one block here
    size_t bufferSize = dataLength + kCCBlockSizeAES128;
    void *buffer = malloc(bufferSize);
    size_t numBytesDecrypted = 0;
    CCCryptorStatus status = CCCrypt(operation, kCCAlgorithmAES128,
                                     kCCOptionPKCS7Padding,
                                     keys, kCCKeySizeAES256,
                                     [iv UTF8String],
                                     [self bytes], dataLength, /* input */
                                     buffer, bufferSize, /* output */
                                     &numBytesDecrypted);
    if (status == kCCSuccess)
    {
        //the returned NSData takes ownership of buffer and will free it on dealloc
        return [NSData dataWithBytesNoCopy:buffer length:numBytesDecrypted];
    }
    free(buffer); //free the buffer;
    return nil;
}

- (NSData *)AES256Encrypt
{
    return [self cryptOperation:kCCEncrypt];
}

- (NSData *)AES256Decrypt
{
    return [self cryptOperation:kCCDecrypt];
}

you can use this method by following way..

NSString *receivedDataDecryptString = [self decrypt:@"YOUR_STRING"];
NSString *receivedDataEncryptString = [self encrypt:@"YOUR_STRING"];

    -(NSString *)encrypt:(NSString *)string
    {
        NSData *data = [string dataUsingEncoding:NSUTF8StringEncoding];
        NSData *dataEncrypted = [data AES256Encrypt];
        NSString *strRecordEncrypted = [dataEncrypted base64EncodedStringWithOptions:0];
        return strRecordEncrypted;
    }

    -(NSString *)decrypt:(NSString *)string
    {
        if([string containsString:@"\n"] || [string containsString:@"\t"])
        {
            string = [[string componentsSeparatedByCharactersInSet:[NSCharacterSet newlineCharacterSet]] componentsJoinedByString:@""];
            string = [string stringByReplacingOccurrencesOfString:@"\t" withString:@""];
        }
    NSData *keyData = [[NSData alloc] initWithBase64EncodedString:string options:0];
    NSData *dataDecrypted = [keyData AES256Decrypt];
    NSString *receivedDataDecryptString = [[NSString alloc]initWithData:dataDecrypted encoding:NSUTF8StringEncoding];
    return receivedDataDecryptString;
}