Implementing PBEKeySpec encryption into iOS

This is my Java code. Now I want to implement the same functionality in Objective-C.

int dkLen = 16;
int rounds = 1000;
PBEKeySpec keySpec = new PBEKeySpec(hashKey.toCharArray(),salt.getBytes(), rounds, dkLen * 8);
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
return factory.generateSecret(keySpec).getEncoded();

This is my iOS implementation

- (void)getHashKey {
      NSString *hash_key=@"MY_HASHKEY";
      NSString *saltKey = @"MY_SALTKEY";

      int dkLen = 16;
      NSData *keyData = [hash_key dataUsingEncoding:NSUTF8StringEncoding];
      NSData *salt    = [saltKey dataUsingEncoding:NSUTF8StringEncoding];
      uint    rounds  = 1000;
      uint    keySize = kCCKeySizeAES128;

      NSMutableData *derivedKey = [NSMutableData dataWithLength:keySize];

      CCKeyDerivationPBKDF(kCCPBKDF2,               // algorithm
                           keyData.bytes,           // password
                           keyData.length,          // passwordLength
                           salt.bytes,              // salt
                           salt.length,             // saltLen
                           kCCPRFHmacAlgSHA1,       // PRF
                           rounds,                  // rounds
                           derivedKey.mutableBytes, // derivedKey
                           dkLen*8);                // derivedKeyLen

       NSString *myString = [[NSString alloc] initWithData:derivedKey encoding:NSASCIIStringEncoding];
       NSLog(@"derivedKey: %@", myString);
}

Is there any problem with the algorithm which I am using in iOS?

Parfitt answered 24/10, 2015 at 6:30 Comment(0)

Use the Common Crypto CCKeyDerivationPBKDF function with the option kCCPRFHmacAlgSHA1.

Note PBEKeySpec keyLength is in bits, CCKeyDerivationPBKDF derivedKeyLen is in bytes.

For a more detailed answer provide all input (hashKey, salt) and the output in hex dump format plus the number of rounds, output length in bytes.

See this SO answer for sample code.

Update for revised question code:

CCKeyDerivationPBKDF returns 8-bit data bytes that are essentially not characters, and many are not printable even if forced into NSASCIIStringEncoding. Forcing to NSASCIIStringEncoding, even if there is no error returned, is incorrect and non-useful. Instead, either use the returned NSData or convert to Base64 or HexASCII encoding.

Change

NSString *myString = [[NSString alloc] initWithData:derivedKey encoding:NSASCIIStringEncoding];

Output: A´Öº÷"ùïó

to

NSString * myString = [derivedKey base64EncodedStringWithOptions:0];

Output: QbTWgbr3FSL57/MfBQAz4A==

Note: 1000 rounds is generally considered insufficient, something in the 10,000 to 100,000 range should be used.

Timings on an iPhone 6S:

rounds  seconds
1000    0.003  
10000   0.032  
100000  0.309  
1000000 3.047  
Operate answered 24/10, 2015 at 11:42 Comment(7)
Thank you for your concern. I have edited my question, please let me know if I am doing anything wrong. - Parfitt
@zaph, is there any problem if I use 1000? - Parfitt
If I need to see the same string in Android, should I convert into Base64? - Parfitt
It is just a matter of security level: the key derivation should take long enough to prevent an attacker from trying large numbers of keys. There is code and password lists available that are very fast. It also depends on what you are protecting; if it is a single specific user that is being attacked, that is harder for an attacker, so a lower number of rounds is reasonable. If it is the server and breaking any account is sufficient, a higher number of rounds is necessary since the attacker only needs to break the worst password. - Operate
I am getting an "incorrect checksum for freed object - object was probably modified after being freed" error. - Parfitt
The statement is too vague, I suggest a new question with the code and details. - Operate
Please answer this question. Only you can help with this: https://mcmap.net/q/1913982/-implementing-aes256-encryption-into-ios/5223973 - Parfitt
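
A reference check for the interop problem discussed in this thread, added here as an example and not part of the original posts: it derives the key with Python's hashlib under the question's parameters (PBKDF2-HMAC-SHA1, 1000 rounds, 16 bytes) and classifies a value printed by either platform as hex or Base64. The function names are hypothetical, and it assumes the password and salt are plain ASCII/UTF-8 strings as in the question.

```python
import base64
import hashlib


def derive_key(password: str, salt: str, rounds: int, dk_len_bytes: int) -> bytes:
    """PBKDF2-HMAC-SHA1 over the UTF-8 bytes of password and salt."""
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"),
                               salt.encode("utf-8"), rounds, dk_len_bytes)


def decode_output(text: str) -> bytes:
    """Accept a platform's printed key as hex or Base64 and return raw bytes."""
    text = text.strip()
    try:
        return bytes.fromhex(text)
    except ValueError:
        return base64.b64decode(text, validate=True)


def diagnose(observed: str, password: str, salt: str,
             rounds: int, dk_len_bytes: int) -> str:
    """Compare one platform's printed key with the reference derivation."""
    try:
        got = decode_output(observed)
    except ValueError:  # also covers binascii.Error from bad Base64
        return "not hex or Base64: key bytes were printed as text"
    want = derive_key(password, salt, rounds, dk_len_bytes)
    if got == want:
        return "match"
    # PBKDF2 output of a different length shares a prefix with the right key,
    # so re-deriving at the observed length exposes a bits/bytes mix-up.
    if got and len(got) != len(want) and \
            derive_key(password, salt, rounds, len(got)) == got:
        return (f"length mismatch: got {len(got)} bytes, "
                f"expected {len(want)} (bits vs bytes?)")
    return "mismatch: check password, salt, rounds and PRF"


if __name__ == "__main__":
    # Constructed inputs: the placeholder strings from the question.
    pw, salt, rounds, dk_len = "MY_HASHKEY", "MY_SALTKEY", 1000, 16
    key = derive_key(pw, salt, rounds, dk_len)
    print("hex   :", key.hex())
    print("base64:", base64.b64encode(key).decode("ascii"))
    # Simulate passing dkLen*8 (a bit count) where a byte count is expected.
    too_long = derive_key(pw, salt, rounds, dk_len * 8)
    print(diagnose(too_long.hex(), pw, salt, rounds, dk_len))
```

Paste the hex or Base64 string logged by the Java or iOS code into `diagnose` to see whether it agrees with the reference derivation.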
