REST Service encryption supporting Android/iOS encryption


This topic contains 1 reply, has 2 voices, and was last updated by  kimbomadsen 6 months, 2 weeks ago.

  • Author
  • #53400


    Hi Kim!

    We are attempting to interface a mobile app on both Android and iOS with our encryption scheme.

    We’re using a custom http header to hold an encrypted, base64 encoded string.

    I noticed that CFB 8-bit appears to be the encryption method for Rijndael/AES by default. We’re using a salt to further secure the string.

    We are having a difficult time trying to properly encrypt the auth info using non-kbm android/ios native tools and have some questions; I have dug into your encryption source and have been unable to determine the answers to these questions:

    How is the salt being used? We’re currently assuming that the key is generated using PBKDF2 using the salt and password with 10 iterations with key size 256/32.

    What IV (initialization vector) are you using?

    We are using the following method to encrypt and salt:


    var
      Str, Password : AnsiString ;
      CipherAES : TkbmMWCipherAES ;
      BeforeBytes : TkbmMWBytes ;
      AfterBytes : TkbmMWBytes ;
    begin
      CipherAES := TkbmMWCipherAES.Create(nil) ; // Owner

      CipherAES.InitString(Password, // const Key:string
                           True) ;

      // Copy the characters of the string into a byte buffer
      SetLength(BeforeBytes, Length(Str)) ;
      Move(Str[1], BeforeBytes[0], Length(Str)) ;

      // Encrypt
      AfterBytes := CipherAES.EncryptBytes(BeforeBytes) ;

      // Decrypt (the reverse call)
      AfterBytes := CipherAES.DecryptBytes(BeforeBytes) ;
    end ;

    In looking at your code I didn’t see a reference to an Initialization Vector, so I’m not certain how the key/init vector works in your crypt code.

    We’re using the library Crypto-js for client-side encryption.

    Can you please assist? Any help would be greatly appreciated.


  • #53425



    When using InitString, an internal default init vector is being used.

    If you want to control it all, do like this (example is using AES validation data):
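A sketch of the "control it all" approach the reply refers to, as an added example that is not part of the original thread and is not kbmMW code: both ends use an explicit key and IV for AES-256 in CFB-8 mode (Node.js built-in crypto), and a failed round trip is classified by where the plaintext goes wrong. The PBKDF2-HMAC-SHA256 derivation, the base64(IV || ciphertext) header layout, and all function names and sample values are assumptions; the thread does not confirm how InitString derives its key or what its default IV is.

```javascript
const crypto = require('node:crypto');

// Assumed KDF: PBKDF2-HMAC-SHA256, 32-byte key. Salt, iteration count and
// hash must be identical on client and server.
function deriveKey(password, salt, iterations) {
  return crypto.pbkdf2Sync(password, salt, iterations, 32, 'sha256');
}

// Hypothetical header layout: base64(IV || ciphertext). CFB-8 needs no padding.
function encryptHeader(plaintext, key, iv) {
  const c = crypto.createCipheriv('aes-256-cfb8', key, iv);
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return Buffer.concat([iv, ct]).toString('base64');
}

// ivOverride simulates a peer that ignores the transmitted IV and uses its own default.
function decryptHeader(b64, key, ivOverride) {
  const raw = Buffer.from(b64, 'base64');
  const iv = ivOverride || raw.subarray(0, 16);
  const d = crypto.createDecipheriv('aes-256-cfb8', key, iv);
  return Buffer.concat([d.update(raw.subarray(16)), d.final()]);
}

// Classify a failed round trip: in CFB-8 the shift register holds only
// ciphertext after 16 bytes, so a wrong IV damages just the first 16 bytes.
function diagnose(expected, actual) {
  if (expected.equals(actual)) return 'ok';
  const tailOk = expected.length > 16 &&
    expected.subarray(16).equals(actual.subarray(16));
  return tailOk ? 'iv-mismatch' : 'key-mismatch'; // else: key (or mode) differs
}

// Constructed sample values, not taken from the thread.
const SAMPLE = 'user=alice;token=constructed-sample-value-0001';
const key = deriveKey('constructed-password', Buffer.from('constructed-salt'), 100000);
const iv = crypto.randomBytes(16); // fresh IV per message
const header = encryptHeader(SAMPLE, key, iv);

function demo() {
  const want = Buffer.from(SAMPLE, 'utf8');
  const wrongKey = deriveKey('constructed-password', Buffer.from('other-salt'), 100000);
  return {
    good: diagnose(want, decryptHeader(header, key)),
    wrongIv: diagnose(want, decryptHeader(header, key, Buffer.alloc(16))),
    wrongKey: diagnose(want, decryptHeader(header, wrongKey)),
  };
}
console.log(demo());
```

A wrong IV corrupts only the first 16 bytes of the decrypted text while a wrong key corrupts all of it, which separates the IV question from the key-derivation question when testing a client against the server. CFB-8 provides confidentiality only, so a header the server acts on also needs a MAC over the IV and ciphertext.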
