Ndtyjky

Question

I'm trying to implement AES encryption in swift. The encryption decryption for Android and C# is working properly. I need to implement it in swift. It's current code for android and C# is followed by this.

I tried to use

CryptoSwift

Cross platform AES encryption

But none of it work. When I send the encrypted string on server it's not been decrypted.

Any help will be appreciated

Just compare output of working implementation. Standard test vectors for AES in various modes of operation are available. — user3703887, Jun 7 '16 at 13:11
@TruthSerum I tried to compare the encrypted value but it's not matching. I don't have access to android code, so I can't debug it too. I just got this link as a reference which I had already added in question — Jun 7 '16 at 13:13
Then look at the input parameters. You will have a 16byte plaintext block, a 16-20 bytes key (depending on AES-128, AES-256 .etc variant) and an IV initialization vector. All three need to match, for every block. You also need to make sure the padding protocol is the same between versions. — user3703887, Jun 7 '16 at 13:15
I'm getting only kCCOptionPKCS7Padding. How can I set it to PKCS5 padding with CBC mode? Checked but didn't found any solution for it too — Jun 7 '16 at 13:18
You need to use the same padding mode to decrypt and encrypt. If your API does not support it, you will have to implement it yourself. This might involve unpadding the wrong format, then repadding to the correct format. Again, you will find test vectors to verify that it's working correctly at every stage. — user3703887, Jun 7 '16 at 13:22

score 27 · Accepted Answer · 2018-01-08 20:34:15Z

Be sure to use the same parameters which seem to be AES with CBC mode with iv, PKCS5Padding (actually PKCS#7) padding and a 16-byte (128-bit) key.

PKCS#5 padding and PKCS#7 padding are essentially the same, sometimes for historic reasons PKCS#5 padding is specified for use with AES but the actual padding is PKCS#7.

Make sure the encodings of the key, iv and encrypted data all match. Hex dump them on both platforms to ensure they are identical. Encryption functions are not difficult to use, if all the input parameters are correct the output will be correct.

To make this more secure the iv should be random bytes and prepended to the encrypted data for use during decryption.

The Cross platform AES encryption uses a 256-bit key so will not work as-is.

Example:

Swift 2

// operation: kCCEncrypt or kCCDecrypt

func testCrypt(data data:[UInt8], keyData:[UInt8], ivData:[UInt8], operation:Int) -> [UInt8]? {

    let cryptLength  = size_t(data.count+kCCBlockSizeAES128)

    var cryptData    = [UInt8](count:cryptLength, repeatedValue:0)



    let keyLength             = size_t(kCCKeySizeAES128)

    let algoritm: CCAlgorithm = UInt32(kCCAlgorithmAES128)

    let options:  CCOptions   = UInt32(kCCOptionPKCS7Padding)



    var numBytesEncrypted :size_t = 0



    let cryptStatus = CCCrypt(CCOperation(operation),

                              algoritm,

                              options,

                              keyData, keyLength,

                              ivData,

                              data, data.count,

                              &cryptData, cryptLength,

                              &numBytesEncrypted)



    if UInt32(cryptStatus) == UInt32(kCCSuccess) {

        cryptData.removeRange(numBytesEncrypted..<cryptData.count)



    } else {

        print("Error: (cryptStatus)")

    }



    return cryptData;

}



let message       = "Don´t try to read this text. Top Secret Stuff"

let messageData   = Array(message.utf8)

let keyData       = Array("12345678901234567890123456789012".utf8)

let ivData        = Array("abcdefghijklmnop".utf8)

let encryptedData = testCrypt(data:messageData,   keyData:keyData, ivData:ivData, operation:kCCEncrypt)!

let decryptedData = testCrypt(data:encryptedData, keyData:keyData, ivData:ivData, operation:kCCDecrypt)!

var decrypted     = String(bytes:decryptedData, encoding:NSUTF8StringEncoding)!



print("message:       (message)");

print("messageData:   (NSData(bytes:messageData,   length:messageData.count))");

print("keyData:       (NSData(bytes:keyData,       length:keyData.count))");

print("ivData:        (NSData(bytes:ivData,        length:ivData.count))");

print("encryptedData: (NSData(bytes:encryptedData, length:encryptedData.count))");

print("decryptedData: (NSData(bytes:decryptedData, length:decryptedData.count))");

print("decrypted:     (String(bytes:decryptedData,encoding:NSUTF8StringEncoding)!)");

Output:



message:       Don´t try to read this text. Top Secret Stuff  

messageData:   446f6ec2 b4742074 72792074 6f207265 61642074 68697320 74657874 2e20546f 70205365 63726574 20537475 6666  

keyData:       31323334 35363738 39303132 33343536 37383930 31323334 35363738 39303132  

ivData:        61626364 65666768 696a6b6c 6d6e6f70  

encryptedData: b1b6dc17 62eaf3f8 baa1cb87 21ddc35c dee803ed fb320020 85794848 21206943 a85feb5b c8ee58fc d6fb664b 96b81114  

decryptedData: 446f6ec2 b4742074 72792074 6f207265 61642074 68697320 74657874 2e20546f 70205365 63726574 20537475 6666  

decrypted:     Don´t try to read this text. Top Secret Stuff

Swift 3 with [UInt8] type

func testCrypt(data:[UInt8], keyData:[UInt8], ivData:[UInt8], operation:Int) -> [UInt8]? {

    let cryptLength  = size_t(data.count+kCCBlockSizeAES128)

    var cryptData    = [UInt8](repeating:0, count:cryptLength)



    let keyLength             = size_t(kCCKeySizeAES128)

    let algoritm: CCAlgorithm = UInt32(kCCAlgorithmAES128)

    let options:  CCOptions   = UInt32(kCCOptionPKCS7Padding)



    var numBytesEncrypted :size_t = 0



    let cryptStatus = CCCrypt(CCOperation(operation),

                              algoritm,

                              options,

                              keyData, keyLength,

                              ivData,

                              data, data.count,

                              &cryptData, cryptLength,

                              &numBytesEncrypted)



    if UInt32(cryptStatus) == UInt32(kCCSuccess) {

        cryptData.removeSubrange(numBytesEncrypted..<cryptData.count)



    } else {

        print("Error: (cryptStatus)")

    }



    return cryptData;

}

Swift 3 & 4 with Data type

func testCrypt(data:Data, keyData:Data, ivData:Data, operation:Int) -> Data {

    let cryptLength  = size_t(data.count + kCCBlockSizeAES128)

    var cryptData = Data(count:cryptLength)



    let keyLength             = size_t(kCCKeySizeAES128)

    let options   = CCOptions(kCCOptionPKCS7Padding)





    var numBytesEncrypted :size_t = 0



    let cryptStatus = cryptData.withUnsafeMutableBytes {cryptBytes in

        data.withUnsafeBytes {dataBytes in

            ivData.withUnsafeBytes {ivBytes in

                keyData.withUnsafeBytes {keyBytes in

                    CCCrypt(CCOperation(operation),

                              CCAlgorithm(kCCAlgorithmAES),

                              options,

                              keyBytes, keyLength,

                              ivBytes,

                              dataBytes, data.count,

                              cryptBytes, cryptLength,

                              &numBytesEncrypted)

                }

            }

        }

    }



    if UInt32(cryptStatus) == UInt32(kCCSuccess) {

        cryptData.removeSubrange(numBytesEncrypted..<cryptData.count)



    } else {

        print("Error: (cryptStatus)")

    }



    return cryptData;

}



let message     = "Don´t try to read this text. Top Secret Stuff"

let messageData = message.data(using:String.Encoding.utf8)!

let keyData     = "12345678901234567890123456789012".data(using:String.Encoding.utf8)!

let ivData      = "abcdefghijklmnop".data(using:String.Encoding.utf8)!



let encryptedData = testCrypt(data:messageData,   keyData:keyData, ivData:ivData, operation:kCCEncrypt)

let decryptedData = testCrypt(data:encryptedData, keyData:keyData, ivData:ivData, operation:kCCDecrypt)

var decrypted     = String(bytes:decryptedData, encoding:String.Encoding.utf8)!

Example from sunsetted documentation section:

AES encryption in CBC mode with a random IV (Swift 3+)

The iv is prefixed to the encrypted data

aesCBC128Encrypt will create a random IV and prefixed to the encrypted code.
aesCBC128Decrypt will use the prefixed IV during decryption.

Inputs are the data and key are Data objects. If an encoded form such as Base64 if required convert to and/or from in the calling method.

The key should be exactly 128-bits (16-bytes), 192-bits (24-bytes) or 256-bits (32-bytes) in length. If another key size is used an error will be thrown.

PKCS#7 padding is set by default.

This example requires Common Crypto

It is necessary to have a bridging header to the project:
#import <CommonCrypto/CommonCrypto.h>

Add the Security.framework to the project.

This is example, not production code.

enum AESError: Error {

    case KeyError((String, Int))

    case IVError((String, Int))

    case CryptorError((String, Int))

}



// The iv is prefixed to the encrypted data

func aesCBCEncrypt(data:Data, keyData:Data) throws -> Data {

    let keyLength = keyData.count

    let validKeyLengths = [kCCKeySizeAES128, kCCKeySizeAES192, kCCKeySizeAES256]

    if (validKeyLengths.contains(keyLength) == false) {

        throw AESError.KeyError(("Invalid key length", keyLength))

    }



    let ivSize = kCCBlockSizeAES128;

    let cryptLength = size_t(ivSize + data.count + kCCBlockSizeAES128)

    var cryptData = Data(count:cryptLength)



    let status = cryptData.withUnsafeMutableBytes {ivBytes in

        SecRandomCopyBytes(kSecRandomDefault, kCCBlockSizeAES128, ivBytes)

    }

    if (status != 0) {

        throw AESError.IVError(("IV generation failed", Int(status)))

    }



    var numBytesEncrypted :size_t = 0

    let options   = CCOptions(kCCOptionPKCS7Padding)



    let cryptStatus = cryptData.withUnsafeMutableBytes {cryptBytes in

        data.withUnsafeBytes {dataBytes in

            keyData.withUnsafeBytes {keyBytes in

                CCCrypt(CCOperation(kCCEncrypt),

                        CCAlgorithm(kCCAlgorithmAES),

                        options,

                        keyBytes, keyLength,

                        cryptBytes,

                        dataBytes, data.count,

                        cryptBytes+kCCBlockSizeAES128, cryptLength,

                        &numBytesEncrypted)

            }

        }

    }



    if UInt32(cryptStatus) == UInt32(kCCSuccess) {

        cryptData.count = numBytesEncrypted + ivSize

    }

    else {

        throw AESError.CryptorError(("Encryption failed", Int(cryptStatus)))

    }



    return cryptData;

}



// The iv is prefixed to the encrypted data

func aesCBCDecrypt(data:Data, keyData:Data) throws -> Data? {

    let keyLength = keyData.count

    let validKeyLengths = [kCCKeySizeAES128, kCCKeySizeAES192, kCCKeySizeAES256]

    if (validKeyLengths.contains(keyLength) == false) {

        throw AESError.KeyError(("Invalid key length", keyLength))

    }



    let ivSize = kCCBlockSizeAES128;

    let clearLength = size_t(data.count - ivSize)

    var clearData = Data(count:clearLength)



    var numBytesDecrypted :size_t = 0

    let options   = CCOptions(kCCOptionPKCS7Padding)



    let cryptStatus = clearData.withUnsafeMutableBytes {cryptBytes in

        data.withUnsafeBytes {dataBytes in

            keyData.withUnsafeBytes {keyBytes in

                CCCrypt(CCOperation(kCCDecrypt),

                        CCAlgorithm(kCCAlgorithmAES128),

                        options,

                        keyBytes, keyLength,

                        dataBytes,

                        dataBytes+kCCBlockSizeAES128, clearLength,

                        cryptBytes, clearLength,

                        &numBytesDecrypted)

            }

        }

    }



    if UInt32(cryptStatus) == UInt32(kCCSuccess) {

        clearData.count = numBytesDecrypted

    }

    else {

        throw AESError.CryptorError(("Decryption failed", Int(cryptStatus)))

    }



    return clearData;

}

Example usage:

let clearData = "clearData0123456".data(using:String.Encoding.utf8)!

let keyData   = "keyData890123456".data(using:String.Encoding.utf8)!

print("clearData:   (clearData as NSData)")

print("keyData:     (keyData as NSData)")



var cryptData :Data?

do {

    cryptData = try aesCBCEncrypt(data:clearData, keyData:keyData)

    print("cryptData:   (cryptData! as NSData)")

}

catch (let status) {

    print("Error aesCBCEncrypt: (status)")

}



let decryptData :Data?

do {

    let decryptData = try aesCBCDecrypt(data:cryptData!, keyData:keyData)

    print("decryptData: (decryptData! as NSData)")

}

catch (let status) {

    print("Error aesCBCDecrypt: (status)")

}

Example Output:

clearData:   <636c6561 72446174 61303132 33343536>

keyData:     <6b657944 61746138 39303132 33343536>

cryptData:   <92c57393 f454d959 5a4d158f 6e1cd3e7 77986ee9 b2970f49 2bafcf1a 8ee9d51a bde49c31 d7780256 71837a61 60fa4be0>

decryptData: <636c6561 72446174 61303132 33343536>

Notes:

One typical problem with CBC mode example code is that it leaves the creation and sharing of the random IV to the user. This example includes generation of the IV, prefixed the encrypted data and uses the prefixed IV during decryption. This frees the casual user from the details that are necessary for CBC mode.

For security the encrypted data also should have authentication, this example code does not provide that in order to be small and allow better interoperability for other platforms.

Also missing is key derivation of the key from a password, it is suggested that PBKDF2 be used is text passwords are used as keying material.

For robust production ready multi-platform encryption code see RNCryptor.

please help. I want the encryption in String. I tried to convert [UInt8] to String but it's returning nil. Please help. How can I get encrypted string value — Jun 20 '16 at 11:27
Not all bytes are representable as printable characters and most are not representable as unicode characters. Encryption is a data operation and the output is essentially random 8-bit bytes and as such will not be representable directly as string characters. The answer is to convert the encrypted output to a different encoding, Base64 and hexadecimal are the usual encodings and on decryption to convert the string representation back to [Uint8]. — Jun 20 '16 at 11:39

ingconti 5,60413226 · Answer 2 · 2017-10-30 20:37:36Z

my two cents:

swift 4 / xcode 9 extension for Data:

extension Data{



    func aesEncrypt( keyData: Data, ivData: Data, operation: Int) -> Data {

        let dataLength = self.count

        let cryptLength  = size_t(dataLength + kCCBlockSizeAES128)

        var cryptData = Data(count:cryptLength)



        let keyLength = size_t(kCCKeySizeAES128)

        let options = CCOptions(kCCOptionPKCS7Padding)





        var numBytesEncrypted :size_t = 0



        let cryptStatus = cryptData.withUnsafeMutableBytes {cryptBytes in

            self.withUnsafeBytes {dataBytes in

                ivData.withUnsafeBytes {ivBytes in

                    keyData.withUnsafeBytes {keyBytes in

                        CCCrypt(CCOperation(operation),

                                CCAlgorithm(kCCAlgorithmAES),

                                options,

                                keyBytes, keyLength,

                                ivBytes,

                                dataBytes, dataLength,

                                cryptBytes, cryptLength,

                                &numBytesEncrypted)

                    }

                }

            }

        }



        if UInt32(cryptStatus) == UInt32(kCCSuccess) {

            cryptData.removeSubrange(numBytesEncrypted..<cryptData.count)



        } else {

            print("Error: (cryptStatus)")

        }



        return cryptData;

    }



}









    func testAES() -> Bool {



        let message     = "secret message"

        let key         = "key890123456"

        let ivString     = "abcdefghijklmnop"   // 16 bytes for AES128



        let messageData = message.data(using:String.Encoding.utf8)!

        let keyData     = key.data(using: .utf8)!

        let ivData      = ivString.data(using: .utf8)!



        let encryptedData = messageData.aesEncrypt( keyData:keyData, ivData:ivData, operation:kCCEncrypt)

        let decryptedData = encryptedData.aesEncrypt( keyData:keyData, ivData:ivData, operation:kCCDecrypt)

        let decrypted     = String(bytes:decryptedData, encoding:String.Encoding.utf8)!



        return message == decrypted



    }

1. The key should be the correct length, 16-bytes given kCCKeySizeAES128 in the code. Relying on undocumented key extension should not be done. 2. This is one example from the accepted answer wrapped in an extension with out attribution. But it is pleasing that @ingconti saw fit to use my code. 😄 — Oct 30 '17 at 20:58

aguilarpgc 1,0241220 · Answer 3 · 2018-10-04 19:18:44Z

I have used CryptoSwift.

First I have install cryptoSwift in the pod file. Then in my view controller I have import CryptoSwift.

Here is the code that I have used:

let value = "xyzzy".  // This is the value that we want to encrypt

let key = "abc".      // This is the key 



let EncryptedValue = try! value.aesEncrypt(key: key)

let DecryptedValue = try! EncryptedValue.aesDecrypt(key: key)

Then, using String extension:

extension String {



    func aesEncrypt(key: String) throws -> String {



        var result = ""



        do {



            let key: [UInt8] = Array(key.utf8) as [UInt8]

            let aes = try! AES(key: key, blockMode: .ECB, padding: .pkcs5) // AES128 .ECB pkcs7

            let encrypted = try aes.encrypt(Array(self.utf8))



            result = encrypted.toBase64()!



            print("AES Encryption Result: (result)")



        } catch {



            print("Error: (error)")

        }



        return result

    }



    func aesDecrypt(key: String) throws -> String {



        var result = ""



        do {



            let encrypted = self

            let key: [UInt8] = Array(key.utf8) as [UInt8]

            let aes = try! AES(key: key, blockMode: .ECB, padding: .pkcs5) // AES128 .ECB pkcs7

            let decrypted = try aes.decrypt(Array(base64: encrypted))



            result = String(data: Data(decrypted), encoding: .utf8) ?? ""



            print("AES Decryption Result: (result)")



        } catch {



            print("Error: (error)")

        }



        return result

    }

}

In this I have not used iv and encrypted.toBase64() to encrypt like result = encrypted.toBase64()! in place of result = encrypted.toStringHex()! in encryption

and similar in decryption let decrypted = try aes.decrypt(Array(base64: encrypted)) in place of let decrypted = try aes.decrypt(Array(Hex: encrypted))

let aes = try! AES(key: key, blockMode: .ECB, padding: .pkcs5) in this case there is no need of iv. and check you have install pod 'CryptoSwift' in your pod or not. And if you done this then import CryptoSwift in your file. This thing work for me.. — Nov 26 at 11:54

Alexi 1,0361429 · Answer 4 · 2017-12-19 07:46:04Z

Found a nice library named RNCryptor implemented in swift language for AES encryption/ decryption.

Installation can be done with Cocoapods or Carthage.
Here is the sample code for encryption and decryption.

// Encryption

let data = "sample data string".data(using: String.Encoding.utf8)

let password = "Secret password"

let encryptedData = RNCryptor.encrypt(data: data, withPassword: password)



// Decryption

do {

    let originalData = try RNCryptor.decrypt(data: encryptedData, withPassword: password)

    // ...

} catch {

    print(error)

}

nice lib, but why to add a LOT of files for simple job.. :)
– ingconti
Feb 2 at 17:36 — Feb 2 at 17:36

Khemmachart Chutapetch 413 · Answer 5 · 2018-09-11 08:34:02Z

For anyone who cannot transform array of bytes to a String

String(data: Data(decrypted), encoding: .utf8)

This is my example string extension

extension String {



    func decryptAES(key: String, iv: String) -> String {

        do {

            let encrypted = self

            let key = Array(key.utf8)

            let iv = Array(iv.utf8)

            let aes = try AES(key: key, blockMode: CTR(iv: iv), padding: .noPadding)

            let decrypted = try aes.decrypt(Array(hex: encrypted))

            return String(data: Data(decrypted), encoding: .utf8) ?? ""

        } catch {

            return "Error: (error)"

        }

    }

}

tadija 1,4911223 · Answer 6 · 2018-11-29 04:22:56Z

Swift 4.2

I refactored @ingconti 's code.

import Foundation

import CommonCrypto



struct AES {



    // MARK: - Value

    // MARK: Private

    private let key: Data

    private let iv: Data





    // MARK: - Initialzier

    init?(key: String, iv: String) {

        guard key.count == kCCKeySizeAES128 || key.count == kCCKeySizeAES256, let keyData = key.data(using: .utf8) else {

            debugPrint("Error: Failed to set a key.")

            return nil

        }



        guard iv.count == kCCBlockSizeAES128, let ivData = iv.data(using: .utf8) else {

            debugPrint("Error: Failed to set an initial vector.")

            return nil

        }





        self.key = keyData

        self.iv  = ivData

    }





    // MARK: - Function

    // MARK: Public

    func encrypt(string: String) -> Data? {

        return crypt(data: string.data(using: .utf8), option: CCOperation(kCCEncrypt))

    }



    func decrypt(data: Data?) -> String? {

        guard let decryptedData = crypt(data: data, option: CCOperation(kCCDecrypt)) else { return nil }

        return String(bytes: decryptedData, encoding: .utf8)

    }



    func crypt(data: Data?, option: CCOperation) -> Data? {

        guard let data = data else { return nil }



        let cryptLength = [UInt8](repeating: 0, count: data.count + kCCBlockSizeAES128).count

        var cryptData   = Data(count: cryptLength)



        let keyLength = [UInt8](repeating: 0, count: kCCBlockSizeAES128).count

        let options   = CCOptions(kCCOptionPKCS7Padding)



        var bytesLength = Int(0)



        let status = cryptData.withUnsafeMutableBytes { cryptBytes in

            data.withUnsafeBytes { dataBytes in

                iv.withUnsafeBytes { ivBytes in

                    key.withUnsafeBytes { keyBytes in

                    CCCrypt(option, CCAlgorithm(kCCAlgorithmAES), options, keyBytes, keyLength, ivBytes, dataBytes, data.count, cryptBytes, cryptLength, &bytesLength)

                    }

                }

            }

        }



        guard UInt32(status) == UInt32(kCCSuccess) else {

            debugPrint("Error: Failed to crypt data. Status (status)")

            return nil

        }



        cryptData.removeSubrange(bytesLength..<cryptData.count)

        return cryptData

    }

}

Use like this

let password = "UserPassword1!"

let key128   = "1234567890123456"                   // 16 bytes for AES128

let key256   = "12345678901234561234567890123456"   // 32 bytes for AES256

let iv       = "abcdefghijklmnop"                   // 16 bytes for AES128



let aes128 = AES(key: key128, iv: iv)

let aes256 = AES(key: key256, iv: iv)



let encryptedPassword128 = aes128?.encrypt(string: password)

aes128?.decrypt(data: encryptedPassword128)



let encryptedPassword256 = aes256?.encrypt(string: password)

aes256?.decrypt(data: encryptedPassword256)

Results

enter image description here

score 27 · Accepted Answer · 2018-01-08 20:34:15Z

Be sure to use the same parameters which seem to be AES with CBC mode with iv, PKCS5Padding (actually PKCS#7) padding and a 16-byte (128-bit) key.

PKCS#5 padding and PKCS#7 padding are essentially the same, sometimes for historic reasons PKCS#5 padding is specified for use with AES but the actual padding is PKCS#7.

Make sure the encodings of the key, iv and encrypted data all match. Hex dump them on both platforms to ensure they are identical. Encryption functions are not difficult to use, if all the input parameters are correct the output will be correct.

To make this more secure the iv should be random bytes and prepended to the encrypted data for use during decryption.

The Cross platform AES encryption uses a 256-bit key so will not work as-is.

Example:

Swift 2

// operation: kCCEncrypt or kCCDecrypt

func testCrypt(data data:[UInt8], keyData:[UInt8], ivData:[UInt8], operation:Int) -> [UInt8]? {

    let cryptLength  = size_t(data.count+kCCBlockSizeAES128)

    var cryptData    = [UInt8](count:cryptLength, repeatedValue:0)



    let keyLength             = size_t(kCCKeySizeAES128)

    let algoritm: CCAlgorithm = UInt32(kCCAlgorithmAES128)

    let options:  CCOptions   = UInt32(kCCOptionPKCS7Padding)



    var numBytesEncrypted :size_t = 0



    let cryptStatus = CCCrypt(CCOperation(operation),

                              algoritm,

                              options,

                              keyData, keyLength,

                              ivData,

                              data, data.count,

                              &cryptData, cryptLength,

                              &numBytesEncrypted)



    if UInt32(cryptStatus) == UInt32(kCCSuccess) {

        cryptData.removeRange(numBytesEncrypted..<cryptData.count)



    } else {

        print("Error: (cryptStatus)")

    }



    return cryptData;

}



let message       = "Don´t try to read this text. Top Secret Stuff"

let messageData   = Array(message.utf8)

let keyData       = Array("12345678901234567890123456789012".utf8)

let ivData        = Array("abcdefghijklmnop".utf8)

let encryptedData = testCrypt(data:messageData,   keyData:keyData, ivData:ivData, operation:kCCEncrypt)!

let decryptedData = testCrypt(data:encryptedData, keyData:keyData, ivData:ivData, operation:kCCDecrypt)!

var decrypted     = String(bytes:decryptedData, encoding:NSUTF8StringEncoding)!



print("message:       (message)");

print("messageData:   (NSData(bytes:messageData,   length:messageData.count))");

print("keyData:       (NSData(bytes:keyData,       length:keyData.count))");

print("ivData:        (NSData(bytes:ivData,        length:ivData.count))");

print("encryptedData: (NSData(bytes:encryptedData, length:encryptedData.count))");

print("decryptedData: (NSData(bytes:decryptedData, length:decryptedData.count))");

print("decrypted:     (String(bytes:decryptedData,encoding:NSUTF8StringEncoding)!)");

Output:



message:       Don´t try to read this text. Top Secret Stuff  

messageData:   446f6ec2 b4742074 72792074 6f207265 61642074 68697320 74657874 2e20546f 70205365 63726574 20537475 6666  

keyData:       31323334 35363738 39303132 33343536 37383930 31323334 35363738 39303132  

ivData:        61626364 65666768 696a6b6c 6d6e6f70  

encryptedData: b1b6dc17 62eaf3f8 baa1cb87 21ddc35c dee803ed fb320020 85794848 21206943 a85feb5b c8ee58fc d6fb664b 96b81114  

decryptedData: 446f6ec2 b4742074 72792074 6f207265 61642074 68697320 74657874 2e20546f 70205365 63726574 20537475 6666  

decrypted:     Don´t try to read this text. Top Secret Stuff

Swift 3 with [UInt8] type

func testCrypt(data:[UInt8], keyData:[UInt8], ivData:[UInt8], operation:Int) -> [UInt8]? {

    let cryptLength  = size_t(data.count+kCCBlockSizeAES128)

    var cryptData    = [UInt8](repeating:0, count:cryptLength)



    let keyLength             = size_t(kCCKeySizeAES128)

    let algoritm: CCAlgorithm = UInt32(kCCAlgorithmAES128)

    let options:  CCOptions   = UInt32(kCCOptionPKCS7Padding)



    var numBytesEncrypted :size_t = 0



    let cryptStatus = CCCrypt(CCOperation(operation),

                              algoritm,

                              options,

                              keyData, keyLength,

                              ivData,

                              data, data.count,

                              &cryptData, cryptLength,

                              &numBytesEncrypted)



    if UInt32(cryptStatus) == UInt32(kCCSuccess) {

        cryptData.removeSubrange(numBytesEncrypted..<cryptData.count)



    } else {

        print("Error: (cryptStatus)")

    }



    return cryptData;

}

Swift 3 & 4 with Data type

func testCrypt(data:Data, keyData:Data, ivData:Data, operation:Int) -> Data {

    let cryptLength  = size_t(data.count + kCCBlockSizeAES128)

    var cryptData = Data(count:cryptLength)



    let keyLength             = size_t(kCCKeySizeAES128)

    let options   = CCOptions(kCCOptionPKCS7Padding)





    var numBytesEncrypted :size_t = 0



    let cryptStatus = cryptData.withUnsafeMutableBytes {cryptBytes in

        data.withUnsafeBytes {dataBytes in

            ivData.withUnsafeBytes {ivBytes in

                keyData.withUnsafeBytes {keyBytes in

                    CCCrypt(CCOperation(operation),

                              CCAlgorithm(kCCAlgorithmAES),

                              options,

                              keyBytes, keyLength,

                              ivBytes,

                              dataBytes, data.count,

                              cryptBytes, cryptLength,

                              &numBytesEncrypted)

                }

            }

        }

    }



    if UInt32(cryptStatus) == UInt32(kCCSuccess) {

        cryptData.removeSubrange(numBytesEncrypted..<cryptData.count)



    } else {

        print("Error: (cryptStatus)")

    }



    return cryptData;

}



let message     = "Don´t try to read this text. Top Secret Stuff"

let messageData = message.data(using:String.Encoding.utf8)!

let keyData     = "12345678901234567890123456789012".data(using:String.Encoding.utf8)!

let ivData      = "abcdefghijklmnop".data(using:String.Encoding.utf8)!



let encryptedData = testCrypt(data:messageData,   keyData:keyData, ivData:ivData, operation:kCCEncrypt)

let decryptedData = testCrypt(data:encryptedData, keyData:keyData, ivData:ivData, operation:kCCDecrypt)

var decrypted     = String(bytes:decryptedData, encoding:String.Encoding.utf8)!

Example from sunsetted documentation section:

AES encryption in CBC mode with a random IV (Swift 3+)

The iv is prefixed to the encrypted data

aesCBC128Encrypt will create a random IV and prefixed to the encrypted code.
aesCBC128Decrypt will use the prefixed IV during decryption.

Inputs are the data and key are Data objects. If an encoded form such as Base64 if required convert to and/or from in the calling method.

The key should be exactly 128-bits (16-bytes), 192-bits (24-bytes) or 256-bits (32-bytes) in length. If another key size is used an error will be thrown.

PKCS#7 padding is set by default.

This example requires Common Crypto

It is necessary to have a bridging header to the project:
#import <CommonCrypto/CommonCrypto.h>

Add the Security.framework to the project.

This is example, not production code.

enum AESError: Error {

    case KeyError((String, Int))

    case IVError((String, Int))

    case CryptorError((String, Int))

}



// The iv is prefixed to the encrypted data

func aesCBCEncrypt(data:Data, keyData:Data) throws -> Data {

    let keyLength = keyData.count

    let validKeyLengths = [kCCKeySizeAES128, kCCKeySizeAES192, kCCKeySizeAES256]

    if (validKeyLengths.contains(keyLength) == false) {

        throw AESError.KeyError(("Invalid key length", keyLength))

    }



    let ivSize = kCCBlockSizeAES128;

    let cryptLength = size_t(ivSize + data.count + kCCBlockSizeAES128)

    var cryptData = Data(count:cryptLength)



    let status = cryptData.withUnsafeMutableBytes {ivBytes in

        SecRandomCopyBytes(kSecRandomDefault, kCCBlockSizeAES128, ivBytes)

    }

    if (status != 0) {

        throw AESError.IVError(("IV generation failed", Int(status)))

    }



    var numBytesEncrypted :size_t = 0

    let options   = CCOptions(kCCOptionPKCS7Padding)



    let cryptStatus = cryptData.withUnsafeMutableBytes {cryptBytes in

        data.withUnsafeBytes {dataBytes in

            keyData.withUnsafeBytes {keyBytes in

                CCCrypt(CCOperation(kCCEncrypt),

                        CCAlgorithm(kCCAlgorithmAES),

                        options,

                        keyBytes, keyLength,

                        cryptBytes,

                        dataBytes, data.count,

                        cryptBytes+kCCBlockSizeAES128, cryptLength,

                        &numBytesEncrypted)

            }

        }

    }



    if UInt32(cryptStatus) == UInt32(kCCSuccess) {

        cryptData.count = numBytesEncrypted + ivSize

    }

    else {

        throw AESError.CryptorError(("Encryption failed", Int(cryptStatus)))

    }



    return cryptData;

}



// The iv is prefixed to the encrypted data

func aesCBCDecrypt(data:Data, keyData:Data) throws -> Data? {

    let keyLength = keyData.count

    let validKeyLengths = [kCCKeySizeAES128, kCCKeySizeAES192, kCCKeySizeAES256]

    if (validKeyLengths.contains(keyLength) == false) {

        throw AESError.KeyError(("Invalid key length", keyLength))

    }



    let ivSize = kCCBlockSizeAES128;

    let clearLength = size_t(data.count - ivSize)

    var clearData = Data(count:clearLength)



    var numBytesDecrypted :size_t = 0

    let options   = CCOptions(kCCOptionPKCS7Padding)



    let cryptStatus = clearData.withUnsafeMutableBytes {cryptBytes in

        data.withUnsafeBytes {dataBytes in

            keyData.withUnsafeBytes {keyBytes in

                CCCrypt(CCOperation(kCCDecrypt),

                        CCAlgorithm(kCCAlgorithmAES128),

                        options,

                        keyBytes, keyLength,

                        dataBytes,

                        dataBytes+kCCBlockSizeAES128, clearLength,

                        cryptBytes, clearLength,

                        &numBytesDecrypted)

            }

        }

    }



    if UInt32(cryptStatus) == UInt32(kCCSuccess) {

        clearData.count = numBytesDecrypted

    }

    else {

        throw AESError.CryptorError(("Decryption failed", Int(cryptStatus)))

    }



    return clearData;

}

Example usage:

let clearData = "clearData0123456".data(using:String.Encoding.utf8)!

let keyData   = "keyData890123456".data(using:String.Encoding.utf8)!

print("clearData:   (clearData as NSData)")

print("keyData:     (keyData as NSData)")



var cryptData :Data?

do {

    cryptData = try aesCBCEncrypt(data:clearData, keyData:keyData)

    print("cryptData:   (cryptData! as NSData)")

}

catch (let status) {

    print("Error aesCBCEncrypt: (status)")

}



let decryptData :Data?

do {

    let decryptData = try aesCBCDecrypt(data:cryptData!, keyData:keyData)

    print("decryptData: (decryptData! as NSData)")

}

catch (let status) {

    print("Error aesCBCDecrypt: (status)")

}

Example Output:

clearData:   <636c6561 72446174 61303132 33343536>

keyData:     <6b657944 61746138 39303132 33343536>

cryptData:   <92c57393 f454d959 5a4d158f 6e1cd3e7 77986ee9 b2970f49 2bafcf1a 8ee9d51a bde49c31 d7780256 71837a61 60fa4be0>

decryptData: <636c6561 72446174 61303132 33343536>

Notes:

One typical problem with CBC mode example code is that it leaves the creation and sharing of the random IV to the user. This example includes generation of the IV, prefixed the encrypted data and uses the prefixed IV during decryption. This frees the casual user from the details that are necessary for CBC mode.

For security the encrypted data also should have authentication, this example code does not provide that in order to be small and allow better interoperability for other platforms.

Also missing is key derivation of the key from a password, it is suggested that PBKDF2 be used is text passwords are used as keying material.

For robust production ready multi-platform encryption code see RNCryptor.

please help. I want the encryption in String. I tried to convert [UInt8] to String but it's returning nil. Please help. How can I get encrypted string value — Jun 20 '16 at 11:27
Not all bytes are representable as printable characters and most are not representable as unicode characters. Encryption is a data operation and the output is essentially random 8-bit bytes and as such will not be representable directly as string characters. The answer is to convert the encrypted output to a different encoding, Base64 and hexadecimal are the usual encodings and on decryption to convert the string representation back to [Uint8]. — Jun 20 '16 at 11:39

ingconti 5,60413226 · Answer 8 · 2017-10-30 20:37:36Z

my two cents:

swift 4 / xcode 9 extension for Data:

extension Data{



    func aesEncrypt( keyData: Data, ivData: Data, operation: Int) -> Data {

        let dataLength = self.count

        let cryptLength  = size_t(dataLength + kCCBlockSizeAES128)

        var cryptData = Data(count:cryptLength)



        let keyLength = size_t(kCCKeySizeAES128)

        let options = CCOptions(kCCOptionPKCS7Padding)





        var numBytesEncrypted :size_t = 0



        let cryptStatus = cryptData.withUnsafeMutableBytes {cryptBytes in

            self.withUnsafeBytes {dataBytes in

                ivData.withUnsafeBytes {ivBytes in

                    keyData.withUnsafeBytes {keyBytes in

                        CCCrypt(CCOperation(operation),

                                CCAlgorithm(kCCAlgorithmAES),

                                options,

                                keyBytes, keyLength,

                                ivBytes,

                                dataBytes, dataLength,

                                cryptBytes, cryptLength,

                                &numBytesEncrypted)

                    }

                }

            }

        }



        if UInt32(cryptStatus) == UInt32(kCCSuccess) {

            cryptData.removeSubrange(numBytesEncrypted..<cryptData.count)



        } else {

            print("Error: (cryptStatus)")

        }



        return cryptData;

    }



}









    func testAES() -> Bool {



        let message     = "secret message"

        let key         = "key890123456"

        let ivString     = "abcdefghijklmnop"   // 16 bytes for AES128



        let messageData = message.data(using:String.Encoding.utf8)!

        let keyData     = key.data(using: .utf8)!

        let ivData      = ivString.data(using: .utf8)!



        let encryptedData = messageData.aesEncrypt( keyData:keyData, ivData:ivData, operation:kCCEncrypt)

        let decryptedData = encryptedData.aesEncrypt( keyData:keyData, ivData:ivData, operation:kCCDecrypt)

        let decrypted     = String(bytes:decryptedData, encoding:String.Encoding.utf8)!



        return message == decrypted



    }

1. The key should be the correct length, 16-bytes given kCCKeySizeAES128 in the code. Relying on undocumented key extension should not be done. 2. This is one example from the accepted answer wrapped in an extension with out attribution. But it is pleasing that @ingconti saw fit to use my code. 😄 — Oct 30 '17 at 20:58

aguilarpgc 1,0241220 · Answer 9 · 2018-10-04 19:18:44Z

I have used CryptoSwift.

First I have install cryptoSwift in the pod file. Then in my view controller I have import CryptoSwift.

Here is the code that I have used:

let value = "xyzzy".  // This is the value that we want to encrypt

let key = "abc".      // This is the key 



let EncryptedValue = try! value.aesEncrypt(key: key)

let DecryptedValue = try! EncryptedValue.aesDecrypt(key: key)

Then, using String extension:

extension String {



    func aesEncrypt(key: String) throws -> String {



        var result = ""



        do {



            let key: [UInt8] = Array(key.utf8) as [UInt8]

            let aes = try! AES(key: key, blockMode: .ECB, padding: .pkcs5) // AES128 .ECB pkcs7

            let encrypted = try aes.encrypt(Array(self.utf8))



            result = encrypted.toBase64()!



            print("AES Encryption Result: (result)")



        } catch {



            print("Error: (error)")

        }



        return result

    }



    func aesDecrypt(key: String) throws -> String {



        var result = ""



        do {



            let encrypted = self

            let key: [UInt8] = Array(key.utf8) as [UInt8]

            let aes = try! AES(key: key, blockMode: .ECB, padding: .pkcs5) // AES128 .ECB pkcs7

            let decrypted = try aes.decrypt(Array(base64: encrypted))



            result = String(data: Data(decrypted), encoding: .utf8) ?? ""



            print("AES Decryption Result: (result)")



        } catch {



            print("Error: (error)")

        }



        return result

    }

}

In this I have not used iv and encrypted.toBase64() to encrypt like result = encrypted.toBase64()! in place of result = encrypted.toStringHex()! in encryption

and similar in decryption let decrypted = try aes.decrypt(Array(base64: encrypted)) in place of let decrypted = try aes.decrypt(Array(Hex: encrypted))

let aes = try! AES(key: key, blockMode: .ECB, padding: .pkcs5) in this case there is no need of iv. and check you have install pod 'CryptoSwift' in your pod or not. And if you done this then import CryptoSwift in your file. This thing work for me.. — Nov 26 at 11:54

Alexi 1,0361429 · Answer 10 · 2017-12-19 07:46:04Z

Found a nice library named RNCryptor implemented in swift language for AES encryption/ decryption.

Installation can be done with Cocoapods or Carthage.
Here is the sample code for encryption and decryption.

// Encryption

let data = "sample data string".data(using: String.Encoding.utf8)

let password = "Secret password"

let encryptedData = RNCryptor.encrypt(data: data, withPassword: password)



// Decryption

do {

    let originalData = try RNCryptor.decrypt(data: encryptedData, withPassword: password)

    // ...

} catch {

    print(error)

}

nice lib, but why to add a LOT of files for simple job.. :)
– ingconti
Feb 2 at 17:36 — Feb 2 at 17:36

Khemmachart Chutapetch 413 · Answer 11 · 2018-09-11 08:34:02Z

For anyone who cannot transform array of bytes to a String

String(data: Data(decrypted), encoding: .utf8)

This is my example string extension

extension String {



    func decryptAES(key: String, iv: String) -> String {

        do {

            let encrypted = self

            let key = Array(key.utf8)

            let iv = Array(iv.utf8)

            let aes = try AES(key: key, blockMode: CTR(iv: iv), padding: .noPadding)

            let decrypted = try aes.decrypt(Array(hex: encrypted))

            return String(data: Data(decrypted), encoding: .utf8) ?? ""

        } catch {

            return "Error: (error)"

        }

    }

}

tadija 1,4911223 · Answer 12 · 2018-11-29 04:22:56Z

Swift 4.2

I refactored @ingconti 's code.

import Foundation

import CommonCrypto



struct AES {



    // MARK: - Value

    // MARK: Private

    private let key: Data

    private let iv: Data





    // MARK: - Initialzier

    init?(key: String, iv: String) {

        guard key.count == kCCKeySizeAES128 || key.count == kCCKeySizeAES256, let keyData = key.data(using: .utf8) else {

            debugPrint("Error: Failed to set a key.")

            return nil

        }



        guard iv.count == kCCBlockSizeAES128, let ivData = iv.data(using: .utf8) else {

            debugPrint("Error: Failed to set an initial vector.")

            return nil

        }





        self.key = keyData

        self.iv  = ivData

    }





    // MARK: - Function

    // MARK: Public

    func encrypt(string: String) -> Data? {

        return crypt(data: string.data(using: .utf8), option: CCOperation(kCCEncrypt))

    }



    func decrypt(data: Data?) -> String? {

        guard let decryptedData = crypt(data: data, option: CCOperation(kCCDecrypt)) else { return nil }

        return String(bytes: decryptedData, encoding: .utf8)

    }



    func crypt(data: Data?, option: CCOperation) -> Data? {

        guard let data = data else { return nil }



        let cryptLength = [UInt8](repeating: 0, count: data.count + kCCBlockSizeAES128).count

        var cryptData   = Data(count: cryptLength)



        let keyLength = [UInt8](repeating: 0, count: kCCBlockSizeAES128).count

        let options   = CCOptions(kCCOptionPKCS7Padding)



        var bytesLength = Int(0)



        let status = cryptData.withUnsafeMutableBytes { cryptBytes in

            data.withUnsafeBytes { dataBytes in

                iv.withUnsafeBytes { ivBytes in

                    key.withUnsafeBytes { keyBytes in

                    CCCrypt(option, CCAlgorithm(kCCAlgorithmAES), options, keyBytes, keyLength, ivBytes, dataBytes, data.count, cryptBytes, cryptLength, &bytesLength)

                    }

                }

            }

        }



        guard UInt32(status) == UInt32(kCCSuccess) else {

            debugPrint("Error: Failed to crypt data. Status (status)")

            return nil

        }



        cryptData.removeSubrange(bytesLength..<cryptData.count)

        return cryptData

    }

}

Use like this

let password = "UserPassword1!"

let key128   = "1234567890123456"                   // 16 bytes for AES128

let key256   = "12345678901234561234567890123456"   // 32 bytes for AES256

let iv       = "abcdefghijklmnop"                   // 16 bytes for AES128



let aes128 = AES(key: key128, iv: iv)

let aes256 = AES(key: key256, iv: iv)



let encryptedPassword128 = aes128?.encrypt(string: password)

aes128?.decrypt(data: encryptedPassword128)



let encryptedPassword256 = aes256?.encrypt(string: password)

aes256?.decrypt(data: encryptedPassword256)

Results

enter image description here

搜尋此網誌

Ndtyjky

AES encryption in swift

6 Answers
6

Example from sunsetted documentation section:

Your Answer

Post as a guest

6 Answers
6

6 Answers
6

Example from sunsetted documentation section:

Example from sunsetted documentation section:

Example from sunsetted documentation section:

Example from sunsetted documentation section:

Post as a guest

Popular posts from this blog

Florida Star v. B. J. F.

Error while running script in elastic search , gateway timeout

Adding quotations to stringified JSON object values

AES encryption in swift

6 Answers 6

Example from sunsetted documentation section:

Your Answer

Sign up or log in

Post as a guest

Post as a guest

6 Answers 6

6 Answers 6

Example from sunsetted documentation section:

Example from sunsetted documentation section:

Example from sunsetted documentation section:

Example from sunsetted documentation section:

Sign up or log in

Post as a guest

Post as a guest

Sign up or log in

Post as a guest

Sign up or log in

Post as a guest

Sign up or log in

Post as a guest

Popular posts from this blog

Florida Star v. B. J. F.

Error while running script in elastic search , gateway timeout

Adding quotations to stringified JSON object values

6 Answers
6

6 Answers
6

6 Answers
6