I'm converting an Android app to iOS. The Android version uses CMAC-AES cryptography, but I couldn't find CMAC for iOS. Does anyone know a library or could give a tip? I am not familiar with cryptography, so I am little messy.
CMAC stands for Cipher-based Message Authentication Code, that means it's a message authentication code (it is used to authenticate data and avoid any corruption of the data being authenticated) that uses ciphers to achieve its goals, in your particular case it uses the AES cipher to do so.
There are indeed some libraries that you could use, you may use OpenSSL (you may try others tutorials that links OpenSSL to your project) which is a well adopted library and heavily maintened.
Related
I am working on a Flutter application which needs to communicate using DTLS. As far as I can see there is no current support for DTLS in the Dart APIs, only TLS.
Can anyone recommend what I can do? Perhaps just the high-level steps on how to get a Flutter application to communicate in DTLS? Any tips on what I should watch out for?
Thanks!
I wrote a DTLS server ten years ago in Java (before there was support in Bouncy Castle), and I've ported a lot of my Java code to Dart over the last few years (but not DTLS!).
I had a quick look through the server code for what the biggest gotchas might be in a pure Dart implementation (of a client - hope that's a correct assumption). Two immediate difficulties seem to be parsing the server's certificate chain (DER decode to get to a usable RSA public key) and then using that RSA key to encrypt the pre-master-secret. (There's an old implementation of RSA in pub, but I couldn't find any ASN/DER libraries to help with the certificates.) Validating the root CA certificate would be tricky without access to a trust store.
Most of the other stuff like random number generation (how secure?), SHA/MD5 hashing, serialization to/from network byte order, handling timers are doable.
All in all, given the support in BC, RĂ©mi is correct to suggest a platform channel to Java.
I need to implement jcryption in IOS. I have gone through the library it uses Rijndael encryption internally to encrypt the data.
I have tried AES256EncryptWithKey but it is not giving me expected encryption key.
Any help on this would be nice. Thanks
Rijndael with a 128-bit block size is AES. Use Common Crypto on iOS, it uses the hardware encryption engine. There are several ObjC AES answers here on SO, see iOS AES Encryption.
For a detailed answer you will need to provide your usage information on jCryption.
Also notice that jCryption has been discontinued. If you are trying to use jCryption in place of HTTPS the correct solution is to use HTTPS, see jCryption.
I am working on a project I intended as an academic exercise for myself. What I am basically doing is trying to add a custom compression type between an IIS server and a web browser, but getting mired in the browser aspects of it. What is basically needed is to be able to alter the byte stream on the server before it is sent to the client, and on the client browser side, be able to alter received response byte stream before other normal DOM parsing and such take place. On the server side this turned out to be pretty trivial, but I am at a loss in how to do this in chrome or firefox. If anyone has insight for chrome, please share, but I'll focus on Firefox for now. My understanding is that previously Firefox had rather low level access available to extensions but that they are tightening the restrictions a bit going forward with their Firefox add-on sdk. I don't want to bother learning the old methods if they are slated to be removed so does anyone definitively know if the add-on sdk allows you to alter the byte stream directly in this manner? If so, do you have an example of such usage?
(I am aware that I need to have the compression negotiated with the Accept-Encoding header)
I don't want to bother learning the old methods if they are slated to be removed
There are no plans now, or in the future, to remove legacy add-on support. At least that's what add-on SDK folks and extension manager folks told me repeatedly.
Back to your question: The add-on sdk does not provide an explicit API for stuff like this, but you can always go even more low-level, even in the SDK (via the chrome module and/or window/utils).
To implement additional compression methods, you'd need to implement the nsIStreamConverter interface and properly register your component under the #mozilla.org/streamconv;1#?from=<yourcompression>&to=uncompressed contract. Then Firefox should be able to decode yourcompression.
See https://developer.mozilla.org/ for more information on how to implement and register XPCOM components in either javascript or C++.
Using the SDK or implementing your add-on restartless will require you register the component yourself instead of relying on chrome.manifest. There are a couple of add-on doing so already, e.g. Adblock Plus.
Binary (C++) components should be avoided because you'll obviously need to compile your component for each supported platform and you'll need to re-compile it for each Gecko version. If you have to go binary, a javascript component stub + js-ctypes might be better.
See the mozilla source code on how to implement nsIStreamConverter in the first place.
You may also need to modify the network.http.accept-encoding preference so that the compression may be actually negotiated with the server.
I am developing an app that stores PDF files. These files should be stored secure, i. e. encrypted. I also found some libraries that extend NSData with AES en/decryption. But then I read, that iOS supports hardware encryption via AES. Is the NSData library really necessary if they both provide AES256 encryption?
If there are differences, which way is more secure? Also.. how do I activate the hardware encryption? Or is this a global setting that applies to all apps? I guess that the files become decrypted after the device is unlocked? So if someone cracks my phone he has also access to the decrypted files? But if I do the encryption by myself and connect the decryption with a SHA hashed password that is stored in the keychain the files might still be inaccessible?
Edit:
Did I get it all wrong and my library (AQToolkit) is just some kind of API for the built-in hardware encryption and I am basically talking about the same thing?
I heartily recommend RNCryptor, which uses Apple's own Security.framework guaranteeing hardware encryption/decryption if possible. It's incredibly easy to use in the default case (AES-256 with 10k iterations of PBKDF2). It's not an encryption library per se, but rather an Obj-C packaging of the open source Common Crypto C library. Check it out.
I've worked with Java cryptography for many years. Now, we have a requirement to write an iOS application that will send encrypted payloads from the mobile device to a Java service. I've begun working with the iOS crypto support (CommonCrypto, etc.) and have found it a bit more difficult. The JCE has a very clean, concise API, so I've clearly gotten spoiled. In contrast, iOS cryptography is a far more difficult API to work with.
Are there any simplified crypto libraries or wrappers around CommonCrypto that provide a more concise API? In particular, we need:
Key generation (both symmetric and asymmetric)
Encryption/decryption of data
Digital signatures (SHA1withRSA, for example)
Hashing
RSA, 3DES, and AES support
I know I've seen a sample class or two that wraps AES encryption, for example. I'm looking for something a bit richer and more full-featured. Anyone have any suggestions?
You can use openSSL inside your iOS app, for ease of use you can use the SSCrypto library by septicus.
From the septicus site:
SSCrypto.framework provides a simple wrapper around OpenSSL library
functions for encryption, decryption (both symmetric and RSA) and
checksums. It also encodes and decodes base64 data and can generate
both private and public RSA keys. A test tool is included in the
project. Click here to see the main.m file that comes with SSCrypto
for examples of it's use.