2

I'm using CommonCrypto in my app to decrypt some data encrypted using openssl. In order to test the encryption, I've tried to encrypt some sample data and its quite surprise that the outputs of my encryption (which is aes ecb) are different from what is generated by using openssl command.

I've also given some tries with other framework like CryptoSwift, but the results are the same.

Heres the code I use to encrypt:

class AESEncryptor { static func encrypt(text: String, key: String) -> String? { guard let encryptingData = text.data(using: .utf8), let keyData = key.data(using: .utf8) else { return nil } var outLength = Int(0) var outBytes = [UInt8](repeating: 0, count: encryptingData.count + kCCBlockSizeAES128) var status: CCCryptorStatus = CCCryptorStatus(kCCSuccess) encryptingData.withUnsafeBytes { (encryptingBytes: UnsafePointer<UInt8>!) -> () in keyData.withUnsafeBytes { (keyBytes: UnsafePointer<UInt8>!) -> () in status = CCCrypt(CCOperation(kCCEncrypt), CCAlgorithm(kCCAlgorithmAES), // algorithm CCOptions(kCCOptionECBMode | kCCOptionPKCS7Padding), // options keyBytes, // key keyData.count, // keylength nil, //ivBytes, // iv encryptingBytes, // dataIn encryptingData.count, // dataInLength &outBytes, // dataOut outBytes.count, // dataOutAvailable &outLength) // dataOutMoved } } guard status == kCCSuccess else { return nil } let encryptedData = Data(bytes: UnsafePointer<UInt8>(outBytes), count: outLength) return encryptedData.base64EncodedString() } }

Calling the above function:

let key = "4f0fbad47141ef9616ce4d71b459eea9" let plain = "ThisIsASuperSecurePassword" let digest = AESEncryptor.encrypt(text: plain, key: key)

the digest is "4ebhUO+Rma34MR4iBTT04AS6rXX+Jy2U97rwC2HGmz0="

Meanwhile, openssl command line, with same input:

echo -n "ThisIsASuperSecurePassword" | openssl enc -e -aes-128-ecb -K "3466306662616434373134316566393631366365346437316234353965656139" -a

("3466306662616434373134316566393631366365346437316234353965656139" is the hex string of "4f0fbad47141ef9616ce4d71b459eea9")

gives me "zPO4jNrMbbZp4WXNPgkX1RuBIpNXZqe0XNqNMFPTt/Q="

So, my question is: why they are not the same? How can I get the same outputs?

AD

Improve this question

1 Answer 1

Reset to default
3

First problem is that you didn't encode with AES-128-EBC, you actually encoded with AES-256-EBC. With is because your key length is 256 bits, not 128 bits.

So if we encode using openssl with the correct key length I get:

(Note I'm using powershell and for some reason piping text to a command will add a CRLF so I to it via a file)

"ThisIsASuperSecurePassword" | Set-Content -NoNewLine plaintext.txt openssl enc -e -aes-256-ecb -K 3466306662616434373134316566393631366365346437316234353965656139 -a -in plaintext.txt

I get:

4ebhUO+Rma34MR4iBTT04AS6rXX+Jy2U97rwC2HGmz0=

Which is the same as what you get.

And decrypting the output produces the plaintext again:

"4ebhUO+Rma34MR4iBTT04AS6rXX+Jy2U97rwC2HGmz0=" | openssl enc -d -aes-256-ecb -K 3466306662616434373134316566393631366365346437316234353965656139 -a -p

produces the output:

ThisIsASuperSecurePassword

If you actually wanted AES-128 you will need to reduce your key size to 128 bits in length.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

It's not quite the same; you appear to be using powershell where "abc" outputs abc followed by CRLF
Not sure what you mean by the CRLF comment. If I output the results of the decode to a file the two files are the same and I don't see a CRLF in the output files.
I just double-checked my results, you are correct. My has a CRLF at the end which is the difference between the two.
Thanks @dave_thompson_085 for your input. I have updated my answer to reflect the same output. I could not figure out how to use powershell piping without getting the newline at the end :(

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.