在目标C中解密AES-256-CBC [英] Decrypting AES-256-CBC in Objective C

问题描述

我正在构建一个iPhone应用程序，该应用程序通过PHP后端通过JSON获取解密的字符串。

I am building an iPhone app which gets a decrypted string via JSON from a PHP backend.

在PHP中，我像这样对字符串进行加密：

In PHP I am encrypting the string like this:

$encrypt_method = "AES-256-CBC";
    $secret_key = 'This is my secret key';
    $secret_iv = 'This is my secret iv';

    // hash
    $key = hash('sha256', $secret_key);

    // iv - encrypt method AES-256-CBC expects 16 bytes - else you will get a warning
    $iv = substr(hash('sha256', $secret_iv), 0, 16);

    if( $action == 'encrypt' ) {
        $output = openssl_encrypt($string, $encrypt_method, $key, 0, $iv);
        $output = base64_encode($output);
    }

在Objective CI中，尝试使用BBEAS解密此字符串： https://github.com/benoitsan/BBAES

In Objective C I tried to decrypt this string with BBEAS: https://github.com/benoitsan/BBAES

此是我在目标C中获得的代码：

This is the code I have got in Objective C:

   NSData* salt = [BBAES IVFromString:@"This is my secret iv"];

    NSData *key = [BBAES keyBySaltingPassword:@"This is my secret key" salt:salt keySize:BBAESKeySize256 numberOfIterations:BBAESPBKDF2DefaultIterationsCount];
 NSData *decryptedMessage = [BBAES decryptedDataFromString:@"RlVnd01XOE5teTNseDFGQ3JScVhkQT09" IV:salt key:key];
    NSLog(@"Decrypted message: %@", decryptedMessage);

日志现在仅显示空对象。

The log only shows a null object now.

我发现了C＃的重复帖子：如何解密AES-256-CBC加密的字符串

I have found a duplicate post for C#: How to decrypt an AES-256-CBC encrypted string

编辑：
可以说我可以在PHP中调整编码。我应该如何在PHP中加密要在Objective C中解密的字符串？

Lets say that i can adjust the encoding in PHP. How should I encrypt the string in PHP to be decrypted in Objective C?

推荐答案

您在PHP中所做的与在在iOS中。我对这个BBAES框架不熟悉，但是您似乎拥有的密码是您使用PBKDF密钥派生方法生成的256位AES密钥，并使用该密码来解密数据。
但是，在PHP中，您是对密码进行哈希处理并使用它来加密数据，因此您可能使用不同的AES密钥进行加密和解密。而且我不确定IV是否匹配。

You are not doing the same thing in PHP as in iOS. I am not familiar with this BBAES framework, but what you seem to have is a password from which you are generating a 256 bit AES key using PBKDF key derivation, and using that to decrypt the data. However, in PHP you are hashing your password and using it to encrypt your data, so you are probably using different AES keys for encryption and decryption. And I am not sure that IVs match either.

您应该做的是：

在PHP中，生成您进行的每次加密都会随机生成一个16字节的IV，并使用PBKDF密钥派生从您的密码生成256位AES密钥。请记住，PHP和iOS中的盐和迭代次数必须相同。加密后，将IV附加到加密的数据上并发送。

In PHP, generate a random 16 byte IV for every encryption you do and use PBKDF key derivation to generate the 256 bit AES key from your password. Keep in mind that the salt and the number of iterations have to be the same in both PHP and iOS. After the encryption, append the IV to the encrypted data and send it.

在iOS中，从接收的密文中提取IV（最后16个字节），生成AES。用相同的盐和迭代次数之前的方式从密码输入密钥，然后解密数据（末尾没有16字节IV）

In iOS, extract the IV from the received ciphertext (the last 16 bytes), generate the AES key from your password the same way you did before using the same salt and number of iterations, and decrypt the data (without the 16 byte IV at the end)

编辑：

正如@Zaph所指出的，我忘了提起您也应该使用相同类型的填充。 BBAES似乎使用PKCS7填充。

As @Zaph pointed out, I forgot to mention that you should use also the same type of padding. BBAES seem to use PKCS7 padding.

这篇关于在目标C中解密AES-256-CBC的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！