Tagged: Delphi kbmMw REST Encryption
January 7, 2019 at 21:23 #53400
Decoder
Participant
Hi Kim!
We are attempting to interface a mobile app on both Android and iOS with our encryption scheme.
We’re using a custom http header to hold an encrypted, base64 encoded string.
I noticed that CFB 8-bit appears to be the encryption method for Rijndael/AES by default. We’re using a salt to further secure the string.
We are having a difficult time trying to properly encrypt the auth info using non-kbm android/ios native tools and have some questions; I have dug into your encryption source and have been unable to determine the answers to these questions:
How is the salt being used? We’re currently assuming that the key is generated using PBKDF2 using the salt and password with 10 iterations with key size 256/32.
What IV (initialization vector) are you using?
We are using the following method to encrypt and salt:
var
  str,password: AnsiString;
  CipherAES : TkbmMWCipherAES ;
  BeforeBytes : TkbmMWBytes ;
  AfterBytes : TkbmMWBytes ;
begin
  try
    CipherAES := TkbmMWCipherAES.Create(nil) ; // Owner
    CipherAES.InitString(Password, // const Key:string
                         TkbmMWHashSHA256,
                         True) ;
    SetLength(BeforeBytes, Length(Str)) ;
    Move(Str[1], BeforeBytes[0], Length(Str)) ;
    AfterBytes := CipherAES.EncryptBytes(BeforeBytes) ;
    // …or…
    AfterBytes := CipherAES.DecryptBytes(BeforeBytes) ;
In looking at your code I didn’t see a reference to an Initialization Vector, so I’m not certain how the key/init vector works in your crypt code.
We’re using the library Crypto-js for client-side encryption.
Can you please assist? Any help would be greatly appreciated.
Thanks.
-
February 6, 2019 at 02:27 #53425
kimbomadsen
Keymaster
Hi,
When using InitString, an internal default init vector is being used.
If you want to control it all, do like this (example is using AES validation data):
procedure TForm1.Button6Click(Sender: TObject);
var
  cipher:TkbmMWCipherAES;
  outdata:TkbmMWBytes;
const
  IV:array[0..15] of byte = ($00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00);
  key:array[0..15] of byte = ($00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00);
  data:array[0..15] of byte = ($f3,$44,$81,$ec,$3c,$c6,$27,$ba,$cd,$5d,$c3,$fb,$08,$f2,$73,$e6);
begin
  cipher:=TkbmMWCipherAES.Create(nil);
  try
    SetLength(outdata,16);
    cipher.Init(key,sizeof(key)*8,@IV[0]);
    cipher.EncryptCBC(data,outdata[0],16);
    cipher.Burn;
    Memo1.Lines.Add('Key='+TkbmMWPlatformMarshal.Bytes2Hex(TkbmMWPlatformMarshal.Memory2Bytes(@key[0],16)));
    Memo1.Lines.Add('IV='+TkbmMWPlatformMarshal.Bytes2Hex(TkbmMWPlatformMarshal.Memory2Bytes(@IV[0],16)));
    Memo1.Lines.Add('Data='+TkbmMWPlatformMarshal.Bytes2Hex(TkbmMWPlatformMarshal.Memory2Bytes(@data[0],16)));
    Memo1.Lines.Add('Outdata='+TkbmMWPlatformMarshal.Bytes2Hex(outdata));
    Memo1.Lines.Add(kbmMWMimeEncodeBytes2String(outdata));
  finally
    cipher.Free;
  end;
end;
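Added example, not part of the original reply or of kbmMW: a Node.js check that the non-Delphi side reproduces the Outdata of the known-answer test above, using the key, IV and data from the reply. It assumes EncryptCBC applies no padding (16 bytes in, 16 bytes out in the reply); the function names `aesCbc` and `knownAnswer` are hypothetical.

```javascript
const nodeCrypto = require('crypto');

// Values copied from the Delphi example in the reply (AES validation data).
// Test-vector values only: real traffic needs a secret key and a fresh IV per message.
const KEY = Buffer.alloc(16, 0);
const IV = Buffer.alloc(16, 0);
const DATA = Buffer.from('f34481ec3cc627bacd5dc3fb08f273e6', 'hex');

// AES-CBC with an explicit key and IV. With pad=false the input must be whole
// 16-byte blocks, which is the assumed behaviour of EncryptCBC in the reply.
function aesCbc(key, iv, data, { decrypt = false, pad = false } = {}) {
  if (![16, 24, 32].includes(key.length)) throw new RangeError('key must be 16, 24 or 32 bytes');
  if (iv.length !== 16) throw new RangeError('IV must be 16 bytes');
  if (!pad && (data.length === 0 || data.length % 16 !== 0)) {
    throw new RangeError('unpadded data must be whole 16-byte blocks');
  }
  const make = decrypt ? nodeCrypto.createDecipheriv : nodeCrypto.createCipheriv;
  const c = make(`aes-${key.length * 8}-cbc`, key, iv);
  c.setAutoPadding(pad);
  return Buffer.concat([c.update(data), c.final()]);
}

// Compare outdataHex and headerValue with the Outdata and Base64 lines the
// Delphi form prints. The padded run shows what a client library that pads
// with PKCS#7 by default (CryptoJS does) sends instead: one extra block.
function knownAnswer() {
  const raw = aesCbc(KEY, IV, DATA);
  const padded = aesCbc(KEY, IV, DATA, { pad: true });
  return {
    outdataHex: raw.toString('hex'),
    headerValue: raw.toString('base64'),
    roundTrip: aesCbc(KEY, IV, raw, { decrypt: true }).equals(DATA),
    paddedLength: padded.length,
    firstBlockSame: padded.subarray(0, 16).equals(raw),
  };
}

console.log(knownAnswer());
```

If the hex matches but the server still rejects real messages, compare ciphertext lengths first: a 16-byte difference points at padding rather than at the key or IV.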
