I need to encrypt a string on the iPhone and send it to a .Net web service for decryption. I am able to encrypt/decrypt on the iPhone and with .Net, but the encrypted strings from the iPhone cannot be decrypted by .Net. The error I get is ‘Padding is invalid and cannot be removed.’
The .Net code is from: http://blog.realcoderscoding.com/index.php/2008/07/dot-net-encryption-simple-aes-wrapper/
The iPhone code uses the sample code from: http://nootech.wordpress.com/2009/01/17/symmetric-encryption-with-the-iphone-sdk/
AFAIK my key settings are the same:
result.BlockSize = 128; // iPhone: kCCBlockSizeAES128 result.KeySize = 128; // kCCBlockSizeAES128 result.Mode = CipherMode.CBC; result.Padding = PaddingMode.PKCS7; // kCCOptionPKCS7Padding I tried different ways of generating ciphertext. hello/hello is:
e0PnmbTg/3cT3W+92CDw1Q== in .Net
yrKe5Z7p7MNqx9+CbBvNqQ== on iPhone
and ‘openssl enc -aes-128-cbc -nosalt -a -in hello.txt -pass pass:hello’ generates: QA+Ul+r6Zmr7yHipMcHSbQ==
At the very least, you are using differing initialization vectors (IV).
The .Net code uses the key for IV.
and
which should probably be:
kList.Add(kRaw[(i / 8) % kRaw.Length]);. Otherwise a key whose length % 8 == 0 will use the same letter repeatedly, doh!Thus the IV (and key) used by .Net is:
hleolhleolhleolh. This is not part of the API, but rather due to the wrapper code that you pointed at (which has a serious bug in it…).The iPhone code uses 0 for IV.
openssl by default prepends a randomly generated salt (which is why the output is longer!).
The openssl output is more secure since it is prepending a random initialization vector. It looks like the first few bytes of the base64 decoded string is ‘Salted__’. You can also ask openssl to not use a salt (-nosalt) and / or provide an IV (-iv).
Essentially, openssl, .Net, and the iPhone are using the same encryption, you just need to be careful how you initialize the APIs with the encryption key and the initialization vector.