是否可以在iOS上使用AES128与GCM模式？ [英] Is it possible to use AES128 with GCM mode on iOS?

问题描述

所以我对你的stackoverflow天才的问题是：如果有一种方式（本机，库，框架，无论..）到加密数据与AES （最好128，但也可以是256） GCM模式？

So my question for you stackoverflow geniuses is: if there a way (native, library, framework, whatever..) to encrypt data with AES (preferably 128 but could be 256 too) using a strong Authenticated encryption algorithm, let's say GCM mode?

问题很简单，我已经做了一些研究，只找到一个似乎支持它的库（ RNCryptor ），但似乎也使用密码密码而不是密钥（例如您提供密码，图书馆是密钥），而且我不喜欢这么多，我更喜欢自己管理我的密钥。

Question is short, I have done some research and I only found one library that seems to support it ( RNCryptor ) but it also seems to use password to crypt instead of keys (like you provide a password and the library made the key) and I don't like that a lot, I prefer to manage my keys myself.

我也看看 CommonCryptor.h ，我发现这行，这似乎是我的GCM在commoncryptor源代码中唯一的引用（但我可能是错的，实际上我可能是错误的） ：

I also look at CommonCryptor.h and I found that line, which seems to me the only reference of GCM in commoncryptor source code (but I could be wrong, actually I am probably wrong) :

case kCCModeGCM: if((ref->symMode[direction].gcm = getCipherMode(cipher, mode, direction).gcm) == NULL) return kCCUnimplemented;

感谢提前！

推荐答案

感谢owlstead建议我进一步深入研究RNCryptor并找到解决方案。

Thanks to owlstead suggest I take a look deeper into RNCryptor and found a solution.

首先，是正确的，iOS不提供GCM，但在iOS中使用它。 ref there： iOS Security feb 2014

First of all after lots of googling it's seems that Zaph were right and iOS doesn't provide GCM but use it in iOS. ref there: iOS Security feb 2014

其次，RNCryptor不使用GCM，而是在CBC模式（密码块链接）中使用AES256，这是很好的，然后使用HMAC + SHA1进行验证。这符合我的要求。

Second, RNCryptor doesn't use GCM but use AES256 in CBC mode (Cipher Block Chaining), which is fine, and then authenticate with HMAC+SHA1. This fits my requirements.

要使用密钥加密并跳过密码导出部分，RNCryptor提供此功能：

To encrypt with a key and to skip the password derivation part, RNCryptor provide this function:

NSData *encryptedData = [RNEncryptor encryptData:yourData
                                        withSettings:kRNCryptorAES256Settings
                                       encryptionKey:encryptionKey
                                             HMACKey:HMACKey
                                               error:&error];

，然后用此

NSData *decryptedData = [RNDecryptor decryptData:encryptedData withEncryptionKey:encryptionKey HMACKey:HMACKey error:&decryptionError];

RNCryptor还提供密钥的随机生成方法。

RNCryptor also provide random generation methods for keys.

注意：使用AES256时请小心，密钥计划可能较弱： Schneier文章，但没有戏剧和AES256有其他观点是专业： Colin Percival的文章

Note: take care when using AES256, the key schedule can be weak: Schneier article but no drama and there are other point of view on AES256 that are pros: Colin Percival article

这篇关于是否可以在iOS上使用AES128与GCM模式？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！