0

I was to trying encrypt a text using CryptoSwift for ios application, and CryptoJS for web application, which has to be decrypted in Java platform. I could able to encrypt successfully in javascript by using the following code.

var message = "Hello" var password = "samplepasswordky" function encrypt(message, password) { var salt = CryptoJS.enc.Hex.parse("00000000000000000000000000000000"); var key = CryptoJS.PBKDF2(pass, salt, { keySize: keySize/32, iterations: iterations }); var iv = CryptoJS.enc.Hex.parse("00000000000000000000000000000000"); var encrypted = CryptoJS.AES.encrypt(msg, key, { iv: iv }); var encryptedMessage = encrypted.ciphertext.toString(CryptoJS.enc.Base64); return encryptedMessage; }

For the same in CryptoSwift I am doing the following, but I could not decrypt the text in Java. 

let salt: [UInt8] = Array("0000000000000000".utf8) let password: [UInt8] = Array("samplepasswordky".utf8) let iv: [UInt8] = Array("0000000000000000".utf8) let derivedKey = try! PKCS5.PBKDF2(password: password, salt: salt , iterations: 100, keyLength: 16, variant: .sha1).calculate() let encrypted = try! AES(key: derivedKey, blockMode: CBC(iv: iv), padding: .pkcs5).encrypt(input) print(encrypted.toHexString())

Kindly help me to make this work.

Improve this question
1
  • if someone decided to use default CryptoJS functionality - i've finally make it work on iOS and Android medium.com/@alex.strok/… Commented Apr 22, 2022 at 12:30

1 Answer 1

Reset to default
3

This line:

var salt = CryptoJS.enc.Hex.parse("00000000000000000000000000000000");

Is not the same as this line:

let salt: [UInt8] = Array("0000000000000000".utf8)

The utf8 encoding of "0000000000000000" is, in hex, 30303030303030303030303030303030 (0x30 is the UTF-8 encoding of the character "0").

What you meant to use here is Array(repeating: UInt8(0), count: 16).

You're also outputting a Base64 string in JavaScript, and a hex string in Swift, which are not the same things.

Unrelated side-note:

This implementation is working pretty hard to get little security. If your password is static, you could do much better by using a random key (i.e. 32 completely random bytes 0-255, not a string of characters). PKBDF2 isn't really buying you much here, excepting slowing down the system (not slowing down the attacker; just your app). Adding a random IV would significantly improve this system as well with little cost.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.