AES Encrypt and Decrypt

CryptoSwift Example

Updated to Swift 2

import Foundation import CryptoSwift extension String { func aesEncrypt(key: String, iv: String) throws -> String{ let data = self.dataUsingEncoding(NSUTF8StringEncoding) let enc = try AES(key: key, iv: iv, blockMode:.CBC).encrypt(data!.arrayOfBytes(), padding: PKCS7()) let encData = NSData(bytes: enc, length: Int(enc.count)) let base64String: String = encData.base64EncodedStringWithOptions(NSDataBase64EncodingOptions(rawValue: 0)); let result = String(base64String) return result } func aesDecrypt(key: String, iv: String) throws -> String { let data = NSData(base64EncodedString: self, options: NSDataBase64DecodingOptions(rawValue: 0)) let dec = try AES(key: key, iv: iv, blockMode:.CBC).decrypt(data!.arrayOfBytes(), padding: PKCS7()) let decData = NSData(bytes: dec, length: Int(dec.count)) let result = NSString(data: decData, encoding: NSUTF8StringEncoding) return String(result!) } } 

Usage:

let key = "bbC2H19lkVbQDfakxcrtNMQdd0FloLyw" // length == 32 let iv = "gqLOHUioQ0QjhuvI" // length == 16 let s = "string to encrypt" let enc = try! s.aesEncrypt(key, iv: iv) let dec = try! enc.aesDecrypt(key, iv: iv) print(s) // string to encrypt print("enc:\(enc)") // 2r0+KirTTegQfF4wI8rws0LuV8h82rHyyYz7xBpXIpM= print("dec:\(dec)") // string to encrypt print("\(s == dec)") // true 

Make sure you have the right length of iv (16) and key (32) then you won't hit "Block size and Initialization Vector must be the same length!" error.

CryptoSwift Example

Updated SWIFT 4.*

func aesEncrypt() throws -> String { let encrypted = try AES(key: KEY, iv: IV, padding: .pkcs7).encrypt([UInt8](self.data(using: .utf8)!)) return Data(encrypted).base64EncodedString() } func aesDecrypt() throws -> String { guard let data = Data(base64Encoded: self) else { return "" } let decrypted = try AES(key: KEY, iv: IV, padding: .pkcs7).decrypt([UInt8](data)) return String(bytes: decrypted, encoding: .utf8) ?? self } 

Code provided by SHS didn't work for me, but this one apparently did (I used a Bridging Header: #import <CommonCrypto/CommonCrypto.h>):

extension String { func aesEncrypt(key:String, iv:String, options:Int = kCCOptionPKCS7Padding) -> String? { if let keyData = key.data(using: String.Encoding.utf8), let data = self.data(using: String.Encoding.utf8), let cryptData = NSMutableData(length: Int((data.count)) + kCCBlockSizeAES128) { let keyLength = size_t(kCCKeySizeAES128) let operation: CCOperation = UInt32(kCCEncrypt) let algoritm: CCAlgorithm = UInt32(kCCAlgorithmAES128) let options: CCOptions = UInt32(options) var numBytesEncrypted :size_t = 0 let cryptStatus = CCCrypt(operation, algoritm, options, (keyData as NSData).bytes, keyLength, iv, (data as NSData).bytes, data.count, cryptData.mutableBytes, cryptData.length, &numBytesEncrypted) if UInt32(cryptStatus) == UInt32(kCCSuccess) { cryptData.length = Int(numBytesEncrypted) let base64cryptString = cryptData.base64EncodedString(options: .lineLength64Characters) return base64cryptString } else { return nil } } return nil } func aesDecrypt(key:String, iv:String, options:Int = kCCOptionPKCS7Padding) -> String? { if let keyData = key.data(using: String.Encoding.utf8), let data = NSData(base64Encoded: self, options: .ignoreUnknownCharacters), let cryptData = NSMutableData(length: Int((data.length)) + kCCBlockSizeAES128) { let keyLength = size_t(kCCKeySizeAES128) let operation: CCOperation = UInt32(kCCDecrypt) let algoritm: CCAlgorithm = UInt32(kCCAlgorithmAES128) let options: CCOptions = UInt32(options) var numBytesEncrypted :size_t = 0 let cryptStatus = CCCrypt(operation, algoritm, options, (keyData as NSData).bytes, keyLength, iv, data.bytes, data.length, cryptData.mutableBytes, cryptData.length, &numBytesEncrypted) if UInt32(cryptStatus) == UInt32(kCCSuccess) { cryptData.length = Int(numBytesEncrypted) let unencryptedMessage = String(data: cryptData as Data, encoding:String.Encoding.utf8) return unencryptedMessage } else { return nil } } return nil } } 

From my ViewController:

 let encoded = message.aesEncrypt(key: keyString, iv: iv) let unencode = encoded?.aesDecrypt(key: keyString, iv: iv) 

There is an interesting "pure-swift" Open Source library:

• CryptoSwift: https://github.com/krzyzanowskim/CryptoSwift

  It supports: AES-128, AES-192, AES-256, ChaCha20

Example with AES decrypt (got from project README.md file):

import CryptoSwift let setup = (key: keyData, iv: ivData) let decryptedAES = AES(setup).decrypt(encryptedData) 

I was using CommonCrypto to generate Hash through the code of MihaelIsaev/HMAC.swift from Easy to use Swift implementation of CommonCrypto HMAC. This implementation is without using Bridging-Header, with creation of Module file.

Now to use AESEncrypt and Decrypt, I directly added the functions inside "extension String {" in HAMC.swift.

func aesEncrypt(key:String, iv:String, options:Int = kCCOptionPKCS7Padding) -> String? { if let keyData = key.dataUsingEncoding(NSUTF8StringEncoding), data = self.dataUsingEncoding(NSUTF8StringEncoding), cryptData = NSMutableData(length: Int((data.length)) + kCCBlockSizeAES128) { let keyLength = size_t(kCCKeySizeAES128) let operation: CCOperation = UInt32(kCCEncrypt) let algoritm: CCAlgorithm = UInt32(kCCAlgorithmAES128) let options: CCOptions = UInt32(options) var numBytesEncrypted :size_t = 0 let cryptStatus = CCCrypt(operation, algoritm, options, keyData.bytes, keyLength, iv, data.bytes, data.length, cryptData.mutableBytes, cryptData.length, &numBytesEncrypted) if UInt32(cryptStatus) == UInt32(kCCSuccess) { cryptData.length = Int(numBytesEncrypted) let base64cryptString = cryptData.base64EncodedStringWithOptions(.Encoding64CharacterLineLength) return base64cryptString } else { return nil } } return nil } func aesDecrypt(key:String, iv:String, options:Int = kCCOptionPKCS7Padding) -> String? { if let keyData = key.dataUsingEncoding(NSUTF8StringEncoding), data = NSData(base64EncodedString: self, options: .IgnoreUnknownCharacters), cryptData = NSMutableData(length: Int((data.length)) + kCCBlockSizeAES128) { let keyLength = size_t(kCCKeySizeAES128) let operation: CCOperation = UInt32(kCCDecrypt) let algoritm: CCAlgorithm = UInt32(kCCAlgorithmAES128) let options: CCOptions = UInt32(options) var numBytesEncrypted :size_t = 0 let cryptStatus = CCCrypt(operation, algoritm, options, keyData.bytes, keyLength, iv, data.bytes, data.length, cryptData.mutableBytes, cryptData.length, &numBytesEncrypted) if UInt32(cryptStatus) == UInt32(kCCSuccess) { cryptData.length = Int(numBytesEncrypted) let unencryptedMessage = String(data: cryptData, encoding:NSUTF8StringEncoding) return unencryptedMessage } else { return nil } } return nil } 

The functions were taken from RNCryptor. It was an easy addition in the hashing functions and in one single file "HMAC.swift", without using Bridging-header. I hope this will be useful for developers in swift requiring Hashing and AES Encryption/Decryption.

Example of using the AESDecrypt as under.

 let iv = "AA-salt-BBCCDD--" // should be of 16 characters. //here we are convert nsdata to String let encryptedString = String(data: dataFromURL, encoding: NSUTF8StringEncoding) //now we are decrypting if let decryptedString = encryptedString?.aesDecrypt("12345678901234567890123456789012", iv: iv) // 32 char pass key { // Your decryptedString } 

CryptoSwift is very interesting project but for now it has some AES speed limitations. Be carefull if you need to do some serious crypto - it might be worth to go through the pain of bridge implemmenting CommonCrypto.

BigUps to Marcin for pureSwift implementation

You can use CommonCrypto from iOS or CryptoSwift as external library. There are implementations with both tools below. That said, CommonCrypto output with AES should be tested, as it is not clear in CC documentation, which mode of AES it uses.

CommonCrypto in Swift 4.2

 import CommonCrypto func encrypt(data: Data) -> Data { return cryptCC(data: data, key: key, operation: kCCEncrypt) } func decrypt(data: Data) -> Data { return cryptCC(data: data, key: key, operation: kCCDecrypt) } private func cryptCC(data: Data, key: String operation: Int) -> Data { guard key.count == kCCKeySizeAES128 else { fatalError("Key size failed!") } var ivBytes: [UInt8] var inBytes: [UInt8] var outLength: Int if operation == kCCEncrypt { ivBytes = [UInt8](repeating: 0, count: kCCBlockSizeAES128) guard kCCSuccess == SecRandomCopyBytes(kSecRandomDefault, ivBytes.count, &ivBytes) else { fatalError("IV creation failed!") } inBytes = Array(data) outLength = data.count + kCCBlockSizeAES128 } else { ivBytes = Array(Array(data).dropLast(data.count - kCCBlockSizeAES128)) inBytes = Array(Array(data).dropFirst(kCCBlockSizeAES128)) outLength = inBytes.count } var outBytes = [UInt8](repeating: 0, count: outLength) var bytesMutated = 0 guard kCCSuccess == CCCrypt(CCOperation(operation), CCAlgorithm(kCCAlgorithmAES128), CCOptions(kCCOptionPKCS7Padding), Array(key), kCCKeySizeAES128, &ivBytes, &inBytes, inBytes.count, &outBytes, outLength, &bytesMutated) else { fatalError("Cryptography operation \(operation) failed") } var outData = Data(bytes: &outBytes, count: bytesMutated) if operation == kCCEncrypt { ivBytes.append(contentsOf: Array(outData)) outData = Data(bytes: ivBytes) } return outData } 

CryptoSwift v0.14 in Swift 4.2

 enum Operation { case encrypt case decrypt } private let keySizeAES128 = 16 private let aesBlockSize = 16 func encrypt(data: Data, key: String) -> Data { return crypt(data: data, key: key, operation: .encrypt) } func decrypt(data: Data, key: String) -> Data { return crypt(data: data, key: key, operation: .decrypt) } private func crypt(data: Data, key: String, operation: Operation) -> Data { guard key.count == keySizeAES128 else { fatalError("Key size failed!") } var outData: Data? = nil if operation == .encrypt { var ivBytes = [UInt8](repeating: 0, count: aesBlockSize) guard 0 == SecRandomCopyBytes(kSecRandomDefault, ivBytes.count, &ivBytes) else { fatalError("IV creation failed!") } do { let aes = try AES(key: Array(key.data(using: .utf8)!), blockMode: CBC(iv: ivBytes)) let encrypted = try aes.encrypt(Array(data)) ivBytes.append(contentsOf: encrypted) outData = Data(bytes: ivBytes) } catch { print("Encryption error: \(error)") } } else { let ivBytes = Array(Array(data).dropLast(data.count - aesBlockSize)) let inBytes = Array(Array(data).dropFirst(aesBlockSize)) do { let aes = try AES(key: Array(key.data(using: .utf8)!), blockMode: CBC(iv: ivBytes)) let decrypted = try aes.decrypt(inBytes) outData = Data(bytes: decrypted) } catch { print("Decryption error: \(error)") } } return outData! } 

Swift4:

let key = "ccC2H19lDDbQDfakxcrtNMQdd0FloLGG" // length == 32 let iv = "ggGGHUiDD0Qjhuvv" // length == 16 func encryptFile(_ path: URL) -> Bool{ do{ let data = try Data.init(contentsOf: path) let encodedData = try data.aesEncrypt(key: key, iv: iv) try encodedData.write(to: path) return true }catch{ return false } } func decryptFile(_ path: URL) -> Bool{ do{ let data = try Data.init(contentsOf: path) let decodedData = try data.aesDecrypt(key: key, iv: iv) try decodedData.write(to: path) return true }catch{ return false } } 

Install CryptoSwift

import CryptoSwift extension Data { func aesEncrypt(key: String, iv: String) throws -> Data{ let encypted = try AES(key: key.bytes, blockMode: CBC(iv: iv.bytes), padding: .pkcs7).encrypt(self.bytes) return Data(bytes: encypted) } func aesDecrypt(key: String, iv: String) throws -> Data { let decrypted = try AES(key: key.bytes, blockMode: CBC(iv: iv.bytes), padding: .pkcs7).decrypt(self.bytes) return Data(bytes: decrypted) } } 

Update Swift 4.2

Here, for instance, we encrypt a string to base64encoded string. And then we decrypt the same to a readable string. (That would be same as our input string).

In my case, I use this to encrypt a string and embed that to QR Code. Then another party scan that and decrypt the same. So intermediate won't understand the QR codes.

Step 1: Encrypt a string "Encrypt My Message 123"

Step 2: Encrypted base64Encoded string : +yvNjiD7F9/JKmqHTc/Mjg== (The same printed on QR code)

Step 3: Scan and decrypt the string "+yvNjiD7F9/JKmqHTc/Mjg=="

Step 4: It comes final result - "Encrypt My Message 123"

Functions for Encrypt & Decrypt:

func encryption(stringToEncrypt: String) -> String{ let key = "MySecretPKey" //let iv = "92c9d2c07a9f2e0a" let data = stringToEncrypt.data(using: .utf8) let keyD = key.data(using: .utf8) let encr = (data as NSData?)!.aes128EncryptedData(withKey: keyD) let base64String: String = (encr as NSData?)!.base64EncodedString(options: NSData.Base64EncodingOptions(rawValue: 0)) print(base64String) return base64String } func decryption(encryptedString:String) -> String{ let key = "MySecretPKey" //let iv = "92c9d2c07a9f2e0a" let keyD = key.data(using: .utf8) let decrpStr = NSData(base64Encoded: encryptedString, options: NSData.Base64DecodingOptions(rawValue: 0)) let dec = (decrpStr)!.aes128DecryptedData(withKey: keyD) let backToString = String(data: dec!, encoding: String.Encoding.utf8) print(backToString!) return backToString! } 

Usage:

 let enc = encryption(stringToEncrypt: "Encrypt My Message 123") let decryptedString = decryption(encryptedString: enc) print(decryptedString) 

Classes for supporting AES encrypting functions, these are written in Objective-C. So for swift, you need to use bridge header to support these.

Class Name: NSData+AES.h

#import <Foundation/Foundation.h> @interface NSData (AES) - (NSData *)AES128EncryptedDataWithKey:(NSData *)key; - (NSData *)AES128DecryptedDataWithKey:(NSData *)key; - (NSData *)AES128EncryptedDataWithKey:(NSData *)key iv:(NSData *)iv; - (NSData *)AES128DecryptedDataWithKey:(NSData *)key iv:(NSData *)iv; @end 

Class Name: NSData+AES.m

#import "NSData+AES.h" #import <CommonCrypto/CommonCryptor.h> @implementation NSData (AES) - (NSData *)AES128EncryptedDataWithKey:(NSData *)key { return [self AES128EncryptedDataWithKey:key iv:nil]; } - (NSData *)AES128DecryptedDataWithKey:(NSData *)key { return [self AES128DecryptedDataWithKey:key iv:nil]; } - (NSData *)AES128EncryptedDataWithKey:(NSData *)key iv:(NSData *)iv { return [self AES128Operation:kCCEncrypt key:key iv:iv]; } - (NSData *)AES128DecryptedDataWithKey:(NSData *)key iv:(NSData *)iv { return [self AES128Operation:kCCDecrypt key:key iv:iv]; } - (NSData *)AES128Operation:(CCOperation)operation key:(NSData *)key iv:(NSData *)iv { NSUInteger dataLength = [self length]; size_t bufferSize = dataLength + kCCBlockSizeAES128; void *buffer = malloc(bufferSize); size_t numBytesEncrypted = 0; CCCryptorStatus cryptStatus = CCCrypt(operation, kCCAlgorithmAES128, kCCOptionPKCS7Padding | kCCOptionECBMode, key.bytes, kCCBlockSizeAES128, iv.bytes, [self bytes], dataLength, buffer, bufferSize, &numBytesEncrypted); if (cryptStatus == kCCSuccess) { return [NSData dataWithBytesNoCopy:buffer length:numBytesEncrypted]; } free(buffer); return nil; } @end 

This is a pretty old post but XCode 10 added the CommonCrypto module so you don't need a module map. Also with Swift 5, no need for the annoying casts.

You could do something like:

func decrypt(_ data: Data, iv: Data, key: Data) throws -> String { var buffer = [UInt8](repeating: 0, count: data.count + kCCBlockSizeAES128) var bufferLen: Int = 0 let status = CCCrypt( CCOperation(kCCDecrypt), CCAlgorithm(kCCAlgorithmAES128), CCOptions(kCCOptionPKCS7Padding), [UInt8](key), kCCBlockSizeAES128, [UInt8](iv), [UInt8](data), data.count, &buffer, buffer.count, &bufferLen ) guard status == kCCSuccess, let str = String(data: Data(bytes: buffer, count: bufferLen), encoding: .utf8) else { throw NSError(domain: "AES", code: -1, userInfo: nil) } return str } 

You can just copy & paste these methods (Swift 4+):

 class func encryptMessage(message: String, encryptionKey: String, iv: String) -> String? { if let aes = try? AES(key: encryptionKey, iv: iv), let encrypted = try? aes.encrypt(Array<UInt8>(message.utf8)) { return encrypted.toHexString() } return nil } class func decryptMessage(encryptedMessage: String, encryptionKey: String, iv: String) -> String? { if let aes = try? AES(key: encryptionKey, iv: iv), let decrypted = try? aes.decrypt(Array<UInt8>(hex: encryptedMessage)) { return String(data: Data(bytes: decrypted), encoding: .utf8) } return nil } 

Example:

let encryptMessage = encryptMessage(message: "Hello World!", encryptionKey: "mykeymykeymykey1", iv: "myivmyivmyivmyiv") // Output of encryptMessage is: 649849a5e700d540f72c4429498bf9f4 let decryptedMessage = decryptMessage(encryptedMessage: encryptMessage, encryptionKey: "mykeymykeymykey1", iv: "myivmyivmyivmyiv") // Output of decryptedMessage is: Hello World! 

Don't forget encryptionKey & iv should be 16 bytes.