.Net和iPhone之间的AES互操作性? [英] AES interoperability between .Net and iPhone?
问题描述
我需要一个字符串在iPhone上进行加密,并将其发送到.NET Web服务进行解密。我可以加密/解密的iPhone和与.net,但是从iPhone加密的字符串不能被净解密。我得到的错误是填充是无效的不能删除。
I need to encrypt a string on the iPhone and send it to a .Net web service for decryption. I am able to encrypt/decrypt on the iPhone and with .Net, but the encrypted strings from the iPhone cannot be decrypted by .Net. The error I get is "Padding is invalid and cannot be removed."
在.NET code是: <一href="http://blog.real$c$crscoding.com/index.php/2008/07/dot-net-encryption-simple-aes-wrapper/">http://blog.real$c$crscoding.com/index.php/2008/07/dot-net-encryption-simple-aes-wrapper/
The .Net code is from: http://blog.realcoderscoding.com/index.php/2008/07/dot-net-encryption-simple-aes-wrapper/
在iPhone code使用从样本code:<一href="http://nootech.word$p$pss.com/2009/01/17/symmetric-encryption-with-the-iphone-sdk/">http://nootech.word$p$pss.com/2009/01/17/symmetric-encryption-with-the-iphone-sdk/
The iPhone code uses the sample code from: http://nootech.wordpress.com/2009/01/17/symmetric-encryption-with-the-iphone-sdk/
AFAIK我的键设置是一样的:
AFAIK my key settings are the same:
result.BlockSize = 128; // iPhone: kCCBlockSizeAES128
result.KeySize = 128; // kCCBlockSizeAES128
result.Mode = CipherMode.CBC;
result.Padding = PaddingMode.PKCS7; // kCCOptionPKCS7Padding
我试图生成密文的方式不同。您好/ Hello是:
I tried different ways of generating ciphertext. hello/hello is:
e0PnmbTg / 3cT3W + 92CDw1Q ==在.net
e0PnmbTg/3cT3W+92CDw1Q== in .Net
yrKe5Z7p7MNqx9 + CbBvNqQ ==在iPhone
yrKe5Z7p7MNqx9+CbBvNqQ== on iPhone
和OpenSSL -AES ENC-128-CBC -nosalt -a -in hello.txt的-pass传:您好产生:QA + UL + r6Zmr7yHipMcHSbQ ==
and "openssl enc -aes-128-cbc -nosalt -a -in hello.txt -pass pass:hello" generates: QA+Ul+r6Zmr7yHipMcHSbQ==
更新:我已经张贴工作code本这里。
推荐答案
最起码,你正在使用不同的初始向量(IV)。
At the very least, you are using differing initialization vectors (IV).
-
在.NET code使用的关键IV。
The .Net code uses the key for IV.
private static AesCryptoServiceProvider GetProvider(byte[] key)
{
//Set up the encryption objects
AesCryptoServiceProvider result = new AesCryptoServiceProvider();
byte[] RealKey = Encryptor.GetKey(key, result);
result.Key = RealKey;
result.IV = RealKey;
return result;
}和
private static byte[] GetKey(byte[] suggestedKey, AesCryptoServiceProvider p)
{
byte[] kRaw = suggestedKey;
List kList = new List();
for (int i = 0; i < p.LegalKeySizes[0].MinSize; i += 8 )
{
kList.Add(kRaw[i % kRaw.Length]);
}
byte[] k = kList.ToArray();
return k;
}
这也许应该是: kList.Add(kRaw [(I / 8)%kRaw.Length]); 。另外一个关键,它的长度%8 == 0将重复使用相同的信,卫生署!
which should probably be: kList.Add(kRaw[(i / 8) % kRaw.Length]);. Otherwise a key whose length % 8 == 0 will use the same letter repeatedly, doh!
因此,使用.NET中的IV(和密钥)是: hleolhleolhleolh 。这不是API的一部分,而是因为你在尖(其中有一个严重的错误...)。
Thus the IV (and key) used by .Net is: hleolhleolhleolh. This is not part of the API, but rather due to the wrapper code that you pointed at (which has a serious bug in it...).
在iPhone code采用0四。
The iPhone code uses 0 for IV.
// Initialization vector; dummy in this case 0's.
uint8_t iv[kChosenCipherBlockSize];
memset((void *) iv, 0x0, (size_t) sizeof(iv));
OpenSSL的默认prepends一个随机生成的盐(这就是为什么输出更长!)。
openssl by default prepends a randomly generated salt (which is why the output is longer!).
OpenSSL的输出更加安全,因为它是prepending随机初始化向量。它看起来像的base64德codeD字符串的前几个字节是Salted__。您也可以要求OpenSSL的为不使用盐(-nosalt)和/或提供四(-IV)。
The openssl output is more secure since it is prepending a random initialization vector. It looks like the first few bytes of the base64 decoded string is "Salted__". You can also ask openssl to not use a salt (-nosalt) and / or provide an IV (-iv).
从本质上讲,OpenSSL的,.NET,并使用相同的加密的iPhone,你只需要你如何初始化的API与加密密钥和初始化向量要小心。
Essentially, openssl, .Net, and the iPhone are using the same encryption, you just need to be careful how you initialize the APIs with the encryption key and the initialization vector.
这篇关于.Net和iPhone之间的AES互操作性?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
