PBKDF2 using CommonCrypto on iOS

I'm trying to use CommonCrypto to generate keys using PBKDF2 but I can't seem to import CommonCrypto/CommonKeyDerivation.h, I just get errors that it is not found.

Any ideas?

edit: I should probably mention I have already added the security framework and I can import all of the other CommonCrypto headers.

Obed answered 20/12, 2011 at 0:53 Comment(0)

Here's how I generate AES256 keys. The only interesting thing is that I get CommonCrypto to estimate for me how many rounds to use. It seems pretty straightforward.

#import <CommonCrypto/CommonKeyDerivation.h>

...

// Makes a random 256-bit salt
- (NSData*)generateSalt256 {
    unsigned char salt[32];
    for (int i=0; i<32; i++) {
        salt[i] = (unsigned char)arc4random();
    }
    return [NSData dataWithBytes:salt length:32];
}

...

// Make keys!
NSString* myPass = @"MyPassword1234";
NSData* myPassData = [myPass dataUsingEncoding:NSUTF8StringEncoding];
NSData* salt = [self generateSalt256];

// How many rounds to use so that it takes 0.1s ?
int rounds = CCCalibratePBKDF(kCCPBKDF2, myPassData.length, salt.length, kCCPRFHmacAlgSHA256, 32, 100);

// Open CommonKeyDerivation.h for help
unsigned char key[32];
CCKeyDerivationPBKDF(kCCPBKDF2, myPassData.bytes, myPassData.length, salt.bytes, salt.length, kCCPRFHmacAlgSHA256, rounds, key, 32);
Checkrein answered 21/2, 2012 at 4:49 Comment(4)
Keep in mind that PBKDF calibration may be OK if you only need to derive a key on one device (or at least the same class of devices). When you e.g. need to sync data and derive the same key on different devices, then it’s a more sensible approach to set a number of rounds that will work painlessly on all devices (e.g. Mac Pro & iPhone). Something between 10000–20000 should be a good number in 2012. - Chamomile
It's better to use SecRandomCopyBytes() for pseudo-random number generation in cryptography applications. - Otherwise, great code! I like the PBKDF2 round estimation bit =) - Rugging
Is it necessary to create a salt of length 32 bytes? - Calumniate
Hi @PiyushKashyap, a 256-bit salt ensures maximum entropy for a 256-bit key. Regardless, it is completely unnecessary. 128-bits is more than enough, and 64-bits is enough. - Forrest

  1. Add this library to your project: libcommonCrypto.dylib
  2. #import into hash key generation class.
  3. Use the following code to generate the hash key.

This is the code that I have used:

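// Headers this snippet needs (CC_SHA1_DIGEST_LENGTH, kCCSuccess, CCKeyDerivationPBKDF).
#import <CommonCrypto/CommonDigest.h>
#import <CommonCrypto/CommonCryptor.h>
#import <CommonCrypto/CommonKeyDerivation.h>

// Salt data taken from the salt string.
NSData *saltData = [@"Salt String" dataUsingEncoding:NSUTF8StringEncoding];

// Data of the string used to generate the hash key (hexadecimal string).
NSData *passwordData = [@"Hash key generated string" dataUsingEncoding:NSUTF8StringEncoding];

// Output buffer for the hash key, sized to one SHA-1 digest.
NSMutableData *hashKeyData = [NSMutableData dataWithLength:CC_SHA1_DIGEST_LENGTH];

// Key derivation using the PBKDF2 algorithm.
int result = CCKeyDerivationPBKDF(kCCPBKDF2, passwordData.bytes, passwordData.length, saltData.bytes, saltData.length, kCCPRFHmacAlgSHA1, 1000, hashKeyData.mutableBytes, hashKeyData.length);
if (result != kCCSuccess) {
    NSLog(@"CCKeyDerivationPBKDF failed: %d", result);
}

// Hexadecimal string built byte by byte; -description is a debug format, not a stable encoding.
NSMutableString *hexDecimalString = [NSMutableString stringWithCapacity:hashKeyData.length * 2];
const unsigned char *hashBytes = hashKeyData.bytes;
for (NSUInteger i = 0; i < hashKeyData.length; i++) {
    [hexDecimalString appendFormat:@"%02x", hashBytes[i]];
}

NSLog(@"Hexadecimal string:%@", hexDecimalString);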
Anyway answered 3/9, 2013 at 9:56 Comment(2)
Great, just update. You don't need to add libcommonCrypto.dylib to project in iOS8 - Bast
Don't use .description for data-to-string converting. - Donnie
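
An added example, not part of any answer above: PBKDF2-HMAC-SHA256 key derivation that applies the points raised in the comments (SecRandomCopyBytes for the salt, a fixed round count so different devices derive the same key, checked return codes, hex output without -description). The Example* names, the 20000-round count and the 16-byte salt are assumptions picked from the ranges the commenters mention.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import <CommonCrypto/CommonCryptor.h>
#import <CommonCrypto/CommonKeyDerivation.h>

// Assumed values (not from the answers): fixed rounds so all devices agree.
static const uint32_t kExampleRounds = 20000;
static const size_t kExampleSaltLength = 16;  // 128-bit salt
static const size_t kExampleKeyLength = 32;   // AES-256 key

// Fresh salt from the system CSPRNG, or nil on failure.
static NSData *ExampleMakeSalt(void) {
    NSMutableData *salt = [NSMutableData dataWithLength:kExampleSaltLength];
    int status = SecRandomCopyBytes(kSecRandomDefault, salt.length, salt.mutableBytes);
    return (status == errSecSuccess) ? salt : nil;
}

// PBKDF2-HMAC-SHA256; nil if CommonCrypto reports an error.
static NSData *ExampleDeriveKey(NSString *password, NSData *salt, uint32_t rounds) {
    NSData *pw = [password dataUsingEncoding:NSUTF8StringEncoding];
    NSMutableData *key = [NSMutableData dataWithLength:kExampleKeyLength];
    int status = CCKeyDerivationPBKDF(kCCPBKDF2, pw.bytes, pw.length,
                                      salt.bytes, salt.length,
                                      kCCPRFHmacAlgSHA256, rounds,
                                      key.mutableBytes, key.length);
    return (status == kCCSuccess) ? key : nil;
}

// Lowercase hex without relying on -[NSData description].
static NSString *ExampleHex(NSData *data) {
    const unsigned char *bytes = data.bytes;
    NSMutableString *hex = [NSMutableString stringWithCapacity:data.length * 2];
    for (NSUInteger i = 0; i < data.length; i++) {
        [hex appendFormat:@"%02x", bytes[i]];
    }
    return hex;
}

int main(void) {
    @autoreleasepool {
        NSData *salt = ExampleMakeSalt();
        NSData *key = salt ? ExampleDeriveKey(@"MyPassword1234", salt, kExampleRounds) : nil;
        if (!key) { NSLog(@"key derivation failed"); return 1; }
        // Salt and round count are not secret: store them with the data, never the key.
        NSLog(@"salt=%@ rounds=%u", ExampleHex(salt), kExampleRounds);
        NSData *again = ExampleDeriveKey(@"MyPassword1234", salt, kExampleRounds);
        NSLog(@"keys match: %d", [key isEqualToData:again]);
    }
    return 0;
}
```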

Are you building for iOS 5, or earlier versions?

Both APIs, CCKeyDerivationPBKDF and CCCalibratePBKDF, defined in the header file, are only available on iOS 5 (or OS X 10.7) and later.

You can make sure the file exists by executing this inside a terminal window:

$ find /Developer/ -name CommonKeyDerivation.h
/Developer//Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS5.0.sdk/usr/include/CommonCrypto/CommonKeyDerivation.h
/Developer//Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator5.0.sdk/usr/include/CommonCrypto/CommonKeyDerivation.h
/Developer//SDKs/MacOSX10.7.sdk/usr/include/CommonCrypto/CommonKeyDerivation.h
Odds answered 20/12, 2011 at 1:48 Comment(1)
iOS 4 unfortunately. Guess I will look for an alternative implementation then. - Obed