We are attempting to interface a mobile app on both Android and iOS with our encryption scheme.
We’re using a custom HTTP header to hold an encrypted, base64-encoded string.
I noticed that CFB 8-bit appears to be the encryption method for Rijndael/AES by default. We’re using a salt to further secure the string.
We are having a difficult time trying to properly encrypt the auth info using non-kbm Android/iOS native tools and have some questions. I have dug into your encryption source and have been unable to determine the answers to these questions:
How is the salt being used? We’re currently assuming that the key is generated using PBKDF2 using the salt and password with 10 iterations with key size 256/32.
What IV (initialization vector) are you using?
We are using the following method to encrypt and salt: