REST Service encryption supporting Android/iOS encryption


This topic contains 0 replies, has 1 voice, and was last updated by  Decoder 2 weeks ago.

  • #53400

    Decoder
    Participant

    Hi Kim!

    We are attempting to interface a mobile app on both Android and iOS with our encryption scheme.

    We’re using a custom HTTP header to hold an encrypted, base64 encoded string.

    I noticed that CFB 8-bit appears to be the encryption method for Rijndael/AES by default. We’re using a salt to further secure the string.

    We are having a difficult time trying to properly encrypt the auth info using non-kbm Android/iOS native tools and have some questions; I have dug into your encryption source and have been unable to determine the answers to these questions:

    How is the salt being used? We’re currently assuming that the key is generated using PBKDF2 using the salt and password with 10 iterations with key size 256/32.

    What IV (initialization vector) are you using?

    We are using the following method to encrypt and salt:

    var
      Str, Password: AnsiString;
      CipherAES: TkbmMWCipherAES;
      BeforeBytes: TkbmMWBytes;
      AfterBytes: TkbmMWBytes;
    begin
      CipherAES := TkbmMWCipherAES.Create(nil); // Owner
      try
        CipherAES.InitString(Password, // const Key:string
                             TkbmMWHashSHA256,
                             True);

        // Copy the raw bytes of the string into the input buffer
        SetLength(BeforeBytes, Length(Str));
        Move(Str[1], BeforeBytes[0], Length(Str));

        AfterBytes := CipherAES.EncryptBytes(BeforeBytes);

        // …or…

        AfterBytes := CipherAES.DecryptBytes(BeforeBytes);
      finally
        // Release the cipher instance even if an exception is raised
        CipherAES.Free;
      end;
    end;

    In looking at your code I didn’t see a reference to an Initialization Vector, so I’m not certain how the key/init vector works in your crypt code.

    We’re using the library Crypto-js for client-side encryption.

    Can you please assist? Any help would be greatly appreciated.

    Thanks.
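
An added example, not part of the original post and not kbmMW code: the scheme the post assumes (PBKDF2 with 10 iterations and a 32-byte key, AES-256 in CFB mode, base64 output) written with Node.js `crypto`. HMAC-SHA256 as the PBKDF2 PRF, the all-zero IV and every sample value are assumptions; the run shows that 8-bit and 128-bit CFB feedback agree only on the first ciphertext byte, so both ends must match on feedback size, IV and key derivation.

```javascript
const crypto = require('crypto');

// Parameters the post assumes: PBKDF2, 10 iterations, 32-byte key.
// HMAC-SHA256 as the PRF is an assumption; the post does not name one.
function deriveKey(password, salt) {
  return crypto.pbkdf2Sync(password, salt, 10, 32, 'sha256');
}

// mode: 'aes-256-cfb8' (8-bit feedback) or 'aes-256-cfb' (128-bit feedback)
function encryptHeader(mode, password, salt, iv, plaintext) {
  const cipher = crypto.createCipheriv(mode, deriveKey(password, salt), iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return ct.toString('base64');
}

function decryptHeader(mode, password, salt, iv, b64) {
  const decipher = crypto.createDecipheriv(mode, deriveKey(password, salt), iv);
  const pt = Buffer.concat([decipher.update(Buffer.from(b64, 'base64')), decipher.final()]);
  return pt.toString('utf8');
}

// Constructed sample values, not taken from kbmMW or from the post.
const sample = {
  password: 'example-password',
  salt: Buffer.from('example-salt'),
  iv: Buffer.alloc(16, 0), // fixed IV only so the run is repeatable
  text: 'user=demo;token=constructed',
};

function compareModes() {
  const { password, salt, iv, text } = sample;
  const cfb8 = encryptHeader('aes-256-cfb8', password, salt, iv, text);
  const cfb128 = encryptHeader('aes-256-cfb', password, salt, iv, text);
  const a = Buffer.from(cfb8, 'base64');
  const b = Buffer.from(cfb128, 'base64');
  return {
    cfb8, cfb128,
    sameLength: a.length === b.length,
    firstByteEqual: a[0] === b[0],          // both XOR byte 0 with E(IV)[0]
    restEqual: a.subarray(1).equals(b.subarray(1)),
    roundTrip: decryptHeader('aes-256-cfb8', password, salt, iv, cfb8),
    crossDecrypt: decryptHeader('aes-256-cfb', password, salt, iv, cfb8),
  };
}

console.log(compareModes());
```

`CryptoJS.mode.CFB` feeds back a full block, so it corresponds to the 128-bit variant here rather than to CFB 8-bit.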
