Encrypted NSData to NSString in obj-c?

Asked 13/9, 2009 at 14:38 Answered 13/3, 2019 at 8:22

iphone objective-c encryption nsstring nsdata

I have an iPhone app which encrypts an inputted NSString using CCCrypt (AES256) and a plaintext key. The string and key are given to the encryption method which returns an NSData object.

Requesting [data description] where 'data' is the encrypted string data gives an NSString like: "<0b368353 a707e7de 3eee5992 ee69827e e3603dc2 b0dbbc0b 861ca87d f39ce72a>" but when I try to convert that to an NSString, I get "(null)".

I need to return an NSString to the user, which can be used to decrypt back to the original string using the same plaintext key. If the 'description' property of the NSData object can return a string, is there any way I can produce an NSString from the NSData object without getting "(null)"?

UPDATE: Thanks to Quinn, who suggests using Base64 encoding to produce the muddled string. From what I understand, Base64 encoding does not simply swap characters, but the character exchange depends on the position, so that's fine.

My only concern is that I want to be able to encrypt the message with a 'passphrase', and require the identical passphrase to be entered when the muddled string needs to be decoded - can anybody suggest ways to implement this?

Boisleduc answered 13/9, 2009 at 14:38 Comment(1)

I've updated my answer to address this below. You're correct, Base64 is not a substitution algorithm — it basically expands 3 bytes to 4 bytes, so encoded data is 1.37x as large as its non-encoded counterpart. Basically, it takes 3 8-bit chunks and redivides it into 4 6-bit chunks, then reinterprets each of those as 8-bit chunks, which can easily be represented in ASCII. Wikipedia has more detail. – Radon 13/9, 2009 at 22:16

First off, DO NOT use -[NSData description] to create an NSString for such purposes. (It's best to treat -description as debugging output. I apologize if my previous answer misled you, I was merely printing the description to demonstrate that the NSData can be encrypted and decrypted.) Instead, use NSString's -dataUsingEncoding: and -initWithData:encoding: methods to convert between NSData and NSString. Even with these, note that AES-encrypted data will probably not translate well into strings as-is — some byte sequences just won't play nicely, so it's a good idea to encode the data before creating the string.

I'd suggest you try Base64 encoding the NSData, since Base64 data can always be represented as an ASCII string. (Of course, when you do that, you'll have to decode from Base64 before decrypting.)

Here are some helpful resources...

Colloquy has some code that does encoding/decoding on NSData (header and implementation)
Google Toolbox for Mac has similar functionality (header and implementation)
A Cocoa With Love blog post on the topic.
A CocoaDev.com wiki page on the topic.

Edit: I was assuming you'd combine this with my answer to your previous question on AES encryption of NSString objects. Encoding data as Base64 doesn't place any restrictions on the data itself — it can certainly be AES-enrypted data itself. Here's what to do if you just want string input and output:

Encryption
- Provide the NSString to be encrypted, and the passphrase to use for encrypting.
- Convert the string to an NSData and perform AES encryption on it (see previous question).
- Base64-encode the NSData, then create and return and NSString of the encoded output.
Decryption
- Provide the encrypted and encoded string, and the passphrase to use for decrypting.
- Create an NSData from the first string, then Base64-decode the data.
- Perform AES decryption on the data, then create and return an NSString.

It's really just a matter of chaining the two parts together and performing them in reverse on the way out. From my previous answer, you can modify encryptString:withKey: to perform the last step and return a string, and change decryptData:withKey: to be decryptString:withKey: and accept two strings. It's pretty straightforward.

Radon answered 13/9, 2009 at 14:39 Comment(5)

@FreeAsInBeer Please don't mark other people's answers as Community Wiki when you edit them. That's not what it's for. – Radon 25/10, 2011 at 17:10

@QuinnTaylor The FAQ states that you are the only one who specifically has access to the Community Wiki checkbox. My edit may have inadvertently caused it to enter Community Wiki mode, but that was completely unintentional. Please don't accuse other people of doing things they cannot do. Reference – Deirdre 25/10, 2011 at 17:36

@Deirdre My apologies, it wasn't your fault after all. I was unaware that an answer automatically converts to CW if: "The post has been edited ten (10) times by the original owner." I just happened to see that it was CW when I viewed your edit, but it was after my previous edit that it happened. Sorry for jumping to conclusions. :-P – Radon 8/12, 2011 at 9:19

@QuinnTaylor It's all good. These things happen. Afterall, (even if we think we're all-powerful computer wizards) we're only human. – Deirdre 9/12, 2011 at 1:45

The documentation for NSData .description merely states A string that contains a hexadecimal representation of the object’s contents in a property list format. There is no suggestion this should only be used for debugging purposes. If it works for a known data format, is there an actual reason to not use it? [Edit: Ah, perhaps I need to read this answer specifically in the context of the original question re encrypted data.] – Cns 23/5, 2017 at 21:42

I have put together a complete bundle of categories for NSData and NSString to provide AES256 encryption for strings.

Please see my answer on the 'original' question for more details.

Grisette answered 22/2, 2011 at 13:4 Comment(0)

I have similar requirement where I need to encrypt all the strings when user enters the password to enter to app so that those sensitive strings doesn't remain unencrypted all the time. So I have to keep those strings encrypted and decrypt as an when require only.

It was a simple requirement and I wanted to keep it light. So I have created a small Obfuscator using lot of useful info shared by @RobNapier in one his blog. It might help for those who are looking a lightweight solution with lot of juicy comments.

import Foundation
import CommonCrypto
// A thin wrapper around interfacing
public enum CrypticAlgo {
    case AlgoAES
    case AlgoDES

func blockSize() -> Int {
    switch self {
    case .AlgoAES:
        return kCCBlockSizeAES128
    case .AlgoDES:
        return kCCBlockSizeDES
    }
}

func keySize() -> size_t {
    switch self {
    case .AlgoAES:
        return kCCKeySizeAES128
    case .AlgoDES:
        return kCCKeySizeDES
    }
}

func algo() -> UInt32 {
    switch self {
    case .AlgoAES:
        return CCAlgorithm(kCCAlgorithmAES)
    case .AlgoDES:
        return CCAlgorithm(kCCAlgorithmDES)
    }
}


}

public final class MGObfuscate {

private var ivData: [UInt8]?
private var derivedKey: Data?
private let crypticAlgo: CrypticAlgo

public init(password: String, salt: String, algo: CrypticAlgo) {
    //Quickly get the data to release the password string
    let passwordData = password.data(using: .utf8)!
    //
    // Rounds require for 1 sec delay in generating hash.
    // Salt is a public attribute. If attacker somehow get the drivedKey and try to crack
    // the password via brute force, The delay due to Rounds will make it frustrating
    // to get actual password and deter his/her efforts.
    //
    let rounds = CCCalibratePBKDF(CCPBKDFAlgorithm(kCCPBKDF2), password.count,
                                  salt.count, CCPseudoRandomAlgorithm(kCCPRFHmacAlgSHA256), Int(CC_SHA256_DIGEST_LENGTH), 1000)

    let saltData = salt.data(using: .utf8)!
    derivedKey = MGObfuscate.derivedKey(for: passwordData,
                                         saltData: saltData, rounds: rounds)
    self.crypticAlgo = algo
    var ivData = [UInt8](repeating: 0, count: algo.blockSize())
    // Random criptographically secure bytes for initialisation Vector
    let rStatus = SecRandomCopyBytes(kSecRandomDefault, ivData.count, &ivData)
    self.ivData = ivData
    //        print(ivData)
    guard rStatus == errSecSuccess else {
        fatalError("seed not generated \(rStatus)")
    }
}

@inline(__always) private static func derivedKey(for passwordData: Data, saltData: Data, rounds: UInt32) -> Data {
    var derivedData = Data(count: Int(CC_SHA256_DIGEST_LENGTH))
    let result = derivedData.withUnsafeMutableBytes { (drivedBytes: UnsafeMutablePointer<UInt8>?) in
        passwordData.withUnsafeBytes({ (passwordBytes: UnsafePointer<Int8>!) in
            saltData.withUnsafeBytes({ (saltBytes: UnsafePointer<UInt8>!) in
                CCKeyDerivationPBKDF(CCPBKDFAlgorithm(kCCPBKDF2), passwordBytes, passwordData.count, saltBytes, saltData.count, CCPseudoRandomAlgorithm(kCCPRFHmacAlgSHA256), rounds, drivedBytes, Int(CC_SHA256_DIGEST_LENGTH))
            })
        })
    }
    if kCCSuccess != result {
        fatalError("failed to generate hash for password")
    }
    return derivedData
}

private func runCryptic(operation: Int, inputData: Data, keyData: Data, ivData: Data) -> Data {
    let cryptLength = size_t(inputData.count + crypticAlgo.blockSize())
    var cryptData = Data(count: cryptLength)
    let keyLength = crypticAlgo.keySize()

    var bytesProcessed: size_t = 0
    let cryptStatus = cryptData.withUnsafeMutableBytes {cryptBytes in
        inputData.withUnsafeBytes { dataBytes in
            keyData.withUnsafeBytes { keyBytes in
                ivData.withUnsafeBytes{ ivBytes in
                    CCCrypt(CCOperation(operation),
                            crypticAlgo.algo(),
                            CCOptions(kCCOptionPKCS7Padding),
                            keyBytes, keyLength,
                            ivBytes,
                            dataBytes, inputData.count,
                            cryptBytes, cryptLength,
                            &bytesProcessed)
                }
            }
        }
    }
    if cryptStatus == CCCryptorStatus(kCCSuccess) {
        cryptData.removeSubrange(bytesProcessed..<cryptData.count)
    } else {
        fatalError("Error: \(cryptStatus)")
    }
    return cryptData
}

public func encriptAndPurge(inputString: inout String?) -> Data? {
    if let inputdata = inputString?.data(using: .utf8) {
        inputString = nil
        return runCryptic(operation: kCCEncrypt, inputData: inputdata, keyData: derivedKey!, ivData: Data(bytes: ivData!))
    }
    return nil
}

public func encript(inputString: String) -> Data {
    let inputdata = inputString.data(using: .utf8)!
    return runCryptic(operation: kCCEncrypt, inputData: inputdata, keyData: derivedKey!, ivData: Data(bytes: ivData!))
}

public func decript(data: Data, result: (String) -> Void) {
    let data = runCryptic(operation: kCCDecrypt, inputData: data, keyData: derivedKey!, ivData: Data(bytes: ivData!))
    result(String(data: data, encoding: .utf8)!)
}

public func purge() {
    ivData = nil
    derivedKey = nil
}

}

Kutch answered 13/3, 2019 at 8:22 Comment(0)

Recommended topics

Hot tags