Is it possible to use AES128 with GCM mode on iOS?

Posted by 会有一股神秘感。 on 2020-01-10 04:12:28

Question


So my question for you Stack Overflow geniuses is: is there a way (native, library, framework, whatever...) to encrypt data with AES (preferably 128 but could be 256 too) using a strong authenticated encryption algorithm, let's say GCM mode?

The question is short. I have done some research and I only found one library that seems to support it (RNCryptor), but it also seems to use a password to encrypt instead of keys (you provide a password and the library makes the key) and I don't like that a lot; I prefer to manage my keys myself.

I also looked at CommonCryptor.h and I found this line, which seems to me the only reference to GCM in the CommonCryptor source code (but I could be wrong, actually I am probably wrong):

case kCCModeGCM:
    if ((ref->symMode[direction].gcm = getCipherMode(cipher, mode, direction).gcm) == NULL)
        return kCCUnimplemented;

Thanks in advance!


Answer 1:


RNCryptor uses a HMAC, which is considered a cryptographically strong method of creating an authentication tag. It is open source as well. So I would seriously consider cloning RNCryptor code for this (keep the copyright in the header intact!).

Password-based encryption consists of deriving a key (and possibly an IV), then performing the encryption and authentication. So you should get a long way by simply removing the key derivation part.

The only time when this doesn't work is if the code for key derivation is woven into the part that does the encryption/authentication, but this does not seem to be the case for RNCryptor.




Answer 2:


Thanks to owlstead's suggestion, I took a deeper look into RNCryptor and found a solution.

First of all, after lots of googling, it seems that Zaph was right and iOS doesn't provide GCM but uses it in iOS. Reference: iOS Security, Feb 2014

Second, RNCryptor doesn't use GCM but uses AES256 in CBC mode (Cipher Block Chaining), which is fine, and then authenticates with HMAC+SHA1. This fits my requirements.

To encrypt with a key and to skip the password derivation part, RNCryptor provides this function:

NSData *encryptedData = [RNEncryptor encryptData:yourData
                                    withSettings:kRNCryptorAES256Settings
                                   encryptionKey:encryptionKey
                                         HMACKey:HMACKey
                                           error:&error];

and then decrypt with this

NSData *decryptedData = [RNDecryptor decryptData:encryptedData withEncryptionKey:encryptionKey HMACKey:HMACKey error:&decryptionError];

RNCryptor also provides random generation methods for keys.

Note: take care when using AES256, the key schedule can be weak (Schneier article), but no drama, and there are other points of view on AES256 that are in its favour (Colin Percival article).
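
Added example (not part of the answer above and not RNCryptor's code): the AES-CBC plus HMAC encrypt-then-MAC pattern this answer describes, written directly against CommonCrypto with caller-supplied keys. The helper names and the IV || ciphertext || tag layout are assumptions for illustration, HMAC-SHA256 is used as the MAC, and the output is not compatible with RNCryptor's data format.

```objective-c
#import <Foundation/Foundation.h>
#import <CommonCrypto/CommonCrypto.h>
#import <Security/Security.h>

enum { kIVLen = kCCBlockSizeAES128, kTagLen = CC_SHA256_DIGEST_LENGTH };

// Hypothetical helper: returns IV || ciphertext || HMAC-SHA256(IV || ciphertext).
// encKey is 16 or 32 bytes (AES-128/256); macKey is a separate random key.
static NSData *EtMEncrypt(NSData *plain, NSData *encKey, NSData *macKey) {
    NSMutableData *out = [NSMutableData dataWithLength:kIVLen + plain.length + kCCBlockSizeAES128 + kTagLen];
    uint8_t *p = out.mutableBytes;
    // Fresh random IV for every message.
    if (SecRandomCopyBytes(kSecRandomDefault, kIVLen, p) != errSecSuccess) return nil;
    size_t n = 0;
    // CBC is CommonCrypto's default mode when kCCOptionECBMode is not set.
    CCCryptorStatus st = CCCrypt(kCCEncrypt, kCCAlgorithmAES, kCCOptionPKCS7Padding,
                                 encKey.bytes, encKey.length, p,
                                 plain.bytes, plain.length,
                                 p + kIVLen, plain.length + kCCBlockSizeAES128, &n);
    if (st != kCCSuccess) return nil;  // also covers an invalid key length
    // Encrypt-then-MAC: the tag covers the IV as well as the ciphertext.
    CCHmac(kCCHmacAlgSHA256, macKey.bytes, macKey.length, p, kIVLen + n, p + kIVLen + n);
    out.length = kIVLen + n + kTagLen;
    return out;
}

// Hypothetical helper: verifies the tag first, then decrypts. Returns nil on any failure.
static NSData *EtMDecrypt(NSData *blob, NSData *encKey, NSData *macKey) {
    if (blob.length < kIVLen + kCCBlockSizeAES128 + kTagLen) return nil;
    const uint8_t *p = blob.bytes;
    size_t macOffset = blob.length - kTagLen;
    uint8_t expected[kTagLen];
    CCHmac(kCCHmacAlgSHA256, macKey.bytes, macKey.length, p, macOffset, expected);
    // Constant-time comparison so timing does not reveal how many tag bytes matched.
    uint8_t diff = 0;
    for (size_t i = 0; i < kTagLen; i++) diff |= expected[i] ^ p[macOffset + i];
    if (diff != 0) return nil;  // reject tampered data before the cipher or padding is touched
    NSMutableData *plain = [NSMutableData dataWithLength:macOffset - kIVLen];
    size_t n = 0;
    CCCryptorStatus st = CCCrypt(kCCDecrypt, kCCAlgorithmAES, kCCOptionPKCS7Padding,
                                 encKey.bytes, encKey.length, p,
                                 p + kIVLen, macOffset - kIVLen,
                                 plain.mutableBytes, plain.length, &n);
    if (st != kCCSuccess) return nil;
    plain.length = n;  // drop the PKCS#7 padding bytes
    return plain;
}
```

Generate the two keys independently (for example with SecRandomCopyBytes) and never reuse the encryption key as the HMAC key.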




Answer 3:


GCM is missing from CommonCrypto. Interestingly, Apple has been using GCM for the keychain since iOS 5.



Source: https://stackoverflow.com/questions/23681571/is-it-possible-to-use-aes128-with-gcm-mode-on-ios