REST Service encryption supporting Android/iOS encryption

    • #53400

      Hi Kim!

      We are attempting to interface a mobile app on both Android and iOS with our encryption scheme.

      We’re using a custom http header to hold an encrypted, base64 encoded string.

      I noticed that CFB 8-bit appears to be the encryption method for Rijndael/AES by default. We’re using a salt to further secure the string.

      We are having a difficult time trying to properly encrypt the auth info using non-kbm android/ios native tools and have some questions; I have dug into your encryption source and have been unable to determine the answers to these questions:

      How is the salt being used? We’re currently assuming that the key is generated using PBKDF2 using the salt and password with 10 iterations with key size 256/32.

      What IV (initialization vector) are you using?

      We are using the following method to encrypt and salt:


      var
        Str, Password : AnsiString ;
        CipherAES : TkbmMWCipherAES ;
        BeforeBytes : TkbmMWBytes ;
        AfterBytes : TkbmMWBytes ;

      CipherAES := TkbmMWCipherAES.Create(nil) ; // Owner

      CipherAES.InitString(Password, // const Key:string
      True) ;

      // Copy the characters of the string into a byte array
      SetLength(BeforeBytes, Length(Str)) ;
      Move(Str[1], BeforeBytes[0], Length(Str)) ;

      // Encrypt
      AfterBytes := CipherAES.EncryptBytes(BeforeBytes) ;

      // Decrypt
      AfterBytes := CipherAES.DecryptBytes(BeforeBytes) ;

      In looking at your code I didn’t see a reference to an Initialization Vector, so I’m not certain how the key/init vector works in your crypt code.

      We’re using the library Crypto-js for client-side encryption.

      Can you please assist? Any help would be greatly appreciated.


    • #53425


      When using InitString, an internal default init vector is being used.

      If you want to control it all, do it like this (example is using AES validation data):

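Added example, not code from the reply or from kbmMW: what fixing the key and IV explicitly looks like on the non-kbm side, using Node.js built-in crypto with AES-256 in CFB 8-bit mode. The PBKDF2 parameters (SHA-256, the iteration count), the IV-in-front layout of the header value and all sample values are assumptions; this page does not state how kbmMW derives its key or what its internal default IV is.

```javascript
// Added example (Node.js built-in crypto); not kbmMW or Crypto-js code.
const nodeCrypto = require('node:crypto');

// Assumption: PBKDF2-HMAC-SHA256 -> 32-byte key. The iteration count is a
// parameter because both sides must use whatever the server really uses.
function deriveKey(password, salt, iterations) {
  return nodeCrypto.pbkdf2Sync(password, salt, iterations, 32, 'sha256');
}

// Encrypt with AES-256 CFB 8-bit under an explicit key and a fresh random
// 16-byte IV. The IV is not secret, so it travels in front of the
// ciphertext inside the base64 header value (layout is an assumption).
function encryptHeader(plaintext, key, mode = 'aes-256-cfb8') {
  const iv = nodeCrypto.randomBytes(16);
  const cipher = nodeCrypto.createCipheriv(mode, key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, body]).toString('base64');
}

// Split the IV from the ciphertext and decrypt. CFB has no integrity check:
// a wrong key, IV or segment size yields garbage bytes, not an error.
function decryptHeader(headerValue, key, mode = 'aes-256-cfb8') {
  const raw = Buffer.from(headerValue, 'base64');
  if (raw.length < 16) throw new Error('header value shorter than the IV');
  const decipher = nodeCrypto.createDecipheriv(mode, key, raw.subarray(0, 16));
  return Buffer.concat([decipher.update(raw.subarray(16)), decipher.final()]);
}

// Constructed sample values throughout.
function demo() {
  const salt = Buffer.from('constructed-salt');
  const key = deriveKey('constructed-password', salt, 10); // 10 = poster's guess
  const header = encryptHeader('user=alice;token=constructed', key);
  return {
    roundTrip: decryptHeader(header, key).toString('utf8'),
    // Same key and IV, but full-block CFB (128-bit segments) instead of CFB8:
    // only the first byte comes out right, the rest is garbage.
    wrongSegment: decryptHeader(header, key, 'aes-256-cfb').toString('latin1'),
    // Stream mode: ciphertext length equals plaintext length, plus 16 IV bytes.
    rawLength: Buffer.from(header, 'base64').length,
  };
}

console.log(demo());
```

Because a mismatch decrypts silently to garbage, compare the two implementations on a fixed key, IV and plaintext before wiring them into the header.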