Partial encryption using AES - IOS application - ios

I would like to apply the encryption & decryption technique in one my downloading concept. I want to do the partial encryption using AES 256. Is it possible to do it? is it have any algorithms available for partial encryption&decryption.
Please suggest ideas.
Partial Encryption : it means i dont want to encrypt the full content of the file.It will do the encryption for some specified part of file.(like 10% or 20%) or some junks of file content. basically , I dont want to do the encryption to the entire content
THanks.

I'm not aware of any algorithms that offer "partial encryption" functionality. Instead, I think you'll need to take charge of separating out the bytes you wish to encrypt and pass that through standard AES encryption code.

Related

Implement jcryption in Objective C

I need to implement jcryption in IOS. I have gone through the library it uses Rijndael encryption internally to encrypt the data.
I have tried AES256EncryptWithKey but it is not giving me expected encryption key.
Any help on this would be nice. Thanks
Rijndael with a 128-bit block size is AES. Use Common Crypto on iOS, it uses the hardware encryption engine. There are several ObjC AES answers here on SO, see iOS AES Encryption.
For a detailed answer you will need to provide your usage information on jCryption.
Also notice that jCryption has been discontinued. If you are trying to use jCryption in place of HTTPS the correct solution is to use HTTPS, see jCryption.

Are there default encryption features to encrypt/decrypt strings in Swift?

I googled but mostly found links to 3rd part libraries for encryption/decryption works. However, I saw Security articles on the Apple site, though without examples.
Can you please show me an example of a simple encrypt/decrypt a string with a key function?
Security and CommonCrypto are low level frameworks. They only provide security primitives, not a full encrypted data format. It is challenging to build a secure format out of the primitives, and most examples you'll find online are insecure. Either the author did not know how to build a secure format, or the author assumes you know how to take what they've written and finish building a secure format.
There is no such thing as "decrypting a string" in the way that you likely mean. All encryption functions generate raw bytes. If you want a string, convert it to base64 or hex or whatever. Some libraries automatically add this, but it often leads to strange artifacts like double-base64-encoded data.
If you want a cross-platform "out of the box" encryption format, see RNCryptor or libSodium. Both of these convert data-to-data. If you want strings, just encode and decode the data as you like (usually as base64 or hex).
What I have found you can have a look at this url : Swift Default Encryption

Transitioning to New Encryption Algorithms

How can one transition encrypted data to a new encryption algorithm / settings in an iOS app? I'm not asking exactly how to do this with code, this is rather a conceptual question.
There are currently thousands of people using my iOS app to encrypt their data. I have found issues with the current encryption methods. In order to fix those issues I would need to implement an improved encryption system (see below for details) and transition current users to the new system.
I'm not sure how to go about migrating users to the new system without prompting them to enter their private keys, decrypt, and re-encrypt with the new system. Ideally this transition would be as seamless and as invisible as possible. If the transition does not work I fear that users will lose their data or become frustrated.
Old Encryption Method
AES 256-bit
CBC Mode
New Encryption Method
AES 256-bit
CBC Mode
Password stretching with PBKDF2
Password Salting
Random IV
Hash HMAC
Any ideas on how one could go about transitioning between these two AES encryption systems?
Are the current encryption keys good? If so you can keep them and wrap them with the new key deviation function. That allows the user to change their password without having to re-encrypt the data. If the keys are too weak you will have to decrypt and re-encrypt the data.
I see "Password Salting" and "Hash HMAC", you should be thinking more along the lines of PBKDF2 to create encryption keys from a user supplied password/pass phrase. Use the calibration function to choose the number of rounds.
If you were thinking ahead you have a version indicator and if so can just encrypt new data with the new key-scheme version and have backward compatibility.
I am wondering what Base64 encoding is doing in encryption other than to transport the encrypted data across an interface that can not handle 8-bit bytes such as JSON and XML.

AES256 decryption on iOS with iso10126 padding

I need to be able to decrypt a chunk of AES256 encrypted data with iso10126 padding from an uncontrolled server. CCCrypt seems to only support "kCCOptionECBMode" and "kCCOptionPKCS7Padding" as options, so the CommonCrypto library seems incapable of what I want. What is the best solution?
I would also like to be able to use iso7816 and iso10126 padding, but they are less of a priority. I know these padding options were deemed "possibly insecure", but as I can't control the data source, I would like to be able to decrypt with these settings still.
I'm fairly certain these AES encrypted pieces of data are encrypted by the CryptoJS javascript library, (it has all of the padding options mentioned above). I'm aware that I can use this library through a UIWebView and get the result back in Objective-C, but I'd like more speed than what the javascript library can offer.
Thanks!
Padding is one of these things that you can actually program yourself (unlike many other cryptographic algorithms). Just decrypt without any padding, and do the unpadding yourself to get the plain text. If you encrypt, obviously first pad, then encrypt. Almost all libraries support something like "NoPadding". You can simply find how all padding modes work by looking at the Wikipedia page.
Be careful that you always pad/unpad for your given modes. So you may have to add a full block of padding bytes.
Note that ISO 7816 padding does not really exist. It is ISO/IEC 9797-1 Padding Method 2, which is used on bytes instead of any number of bits. The fact that it is used (not defined) in ISO/IEC 7816-4 for secure messaging (informative) does not make it part of that standard.
Other question/answer for no padding:
iOS encryption AES128/CBC/nopadding why is not working?
this link should show you how to perform no padding encryption/decryption using the iOS API.

Use encryption and decryption in iphone App and WebService

I am building an application which is talking to my .Net WebService. Application is transmitting some sensitive client information to my WebService which I want to encrypt before I wrap it in the SOAP Envelop. And web service will decrypt it on the other side before using it.
Can someone suggest me how to achieve this. I know .Net has some security which allow you to do some authentication and encryption but I dont want to go to that path at this stage, as I want to make data secure going to and from the iOS device to my webservice.
If any tutorial or example exists please let me know as this is first time I am using encryption decryption.
AES is available on pretty much every platform. What you have to do is to make sure that everything else is the same on both platforms:
1.The same mode; use either CBC or CTR mode.
2.The same IV; set it explicitly, don't use the default because it will often be different on different systems.
3.The same key; obvious, but they need to be the same at the byte level because text can be encoded differently on different systems. Explicitly state the encoding you are using.
4.The same padding; for AES use PKCS7, again don't rely on the default which may be different on different systems.
Whatever you chose do set things explicitly and don't rely on defaults. Defaults can differ between systems and any difference will cause decryption to fail.
Use an HTTPS connection. This will encrypt your entire connection, and it's trivial to use and built in to both the iPhone and .NET.

Resources