RNCryptor async
I have completed the major work for RNCryptor asynchronous operations on the async branch. This changes the API and the file format. I’ll be documenting this more formally within a few weeks, but here are the high points:
There are now separate RNEncryptor and RNDecryptor objects (as well as RNOpenSSLEncryptor and RNOpenSSLDecryptor).
Async usage looks like this:
    RNEncryptor *encryptor = [[RNEncryptor alloc] initWithSettings:kRNCryptorAES256Settings
                                                          password:password
                                                           handler:^(RNCryptor *cryptor, NSData *data) {
                                                               ...
                                                           }];
You add data using addData:. handler may or may not be called once for every call to addData:. When you are done, you must call finish, at which point, handler will be called one last time. You can check this condition using cryptor.isFinished.
There is still synchronous access such as:
    NSData *encryptedData = [RNEncryptor encryptData:data
                                        withSettings:kRNCryptorAES256Settings
                                            password:password
                                               error:&error];
I have dropped all the URL, file and stream APIs. Please let me know if you have a general use case where you would like them. I don’t mind creating some convenience methods, but the convenience methods in the original interface were becoming too numerous and that complicates testing. Input on this is welcome. I found that many people were either doing very small things where synchronous NSData is good, or they were using NSURLConnection, where you need all the callbacks (to handle redirects, authentication, etc.), so I’ve supported those two cases the most.
By default, handler is called on the GCD queue that the cryptor was created on. You can modify this by setting responseQueue.
Input on the API is welcome. I’m leaving it on the async branch until people have time to play with it a little bit and I have time to document it fully.

Hey Rob, looks good! I like the simplified interface
Hey,
The base functionality looks very good and promising. I do however have issues trying to decrypt data encrypted with openSSL.
These are the settings I use in openSSL :
openssl enc -e -aes-256-cbc -K key -p -nosalt -iv 0 -in appsettings.xml -out appsettingsenc.xml
This is the code I use
    NSData *encrKeyData = [KFDecryptResourcesKey dataUsingEncoding:NSUTF8StringEncoding];
    NSData *ivData = [@"00000000000000000000000000000000" dataUsingEncoding:NSUTF8StringEncoding];
    NSData *dataDecrypted = [RNOpenSSLDecryptor decryptData:dataEncrypted withSettings:kRNCryptorAES256Settings encryptionKey:encrKeyData IV:ivData error:&error];
Doing this lets the debugger hang in the method “- (void)cleanupAndNotifyWithError:(NSError *)error” at the following lines when I manually step through:
    if (self.handler) {
        dispatch_sync(self.responseQueue, ^{
Could it be that I make incorrect use of openSSL ?
With Friendly Regards, Nicky
@Nicky You are passing the wrong IV. You are passing the character “0” rather than the number 0. You mean to use [NSMutableData dataWithLength:16]. This creates a 16 byte data filled with 0s.
But I strongly encourage you to create a random IV rather than passing a 0 IV. Using a 0 IV significantly degrades the security of the system.
Thank you for the response.
I was using a 64bit key (which openssl returns). Changing to 32bits lets it continue. But I never get any data returned.
I also used [NSMutableData dataWithLength:32] as a test, no go.
Still looking into it.
@Nicky what do you mean by 64-bit key? AES-256 has a 256-bit key (32 bytes). The IV is not the key. It is the initialization vector, and has to be the same size as the block, which is 128 bits. The size in dataWithLength: is in bytes, not bits.
You may want to look at the OpenSSL test cases in RNCryptor to see how I do it. I included the OpenSSL command line I use in the comments.
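The mismatch discussed in the replies above, as an added example (not RNCryptor code and not from the thread): the bytes produced by UTF-8 encoding the OpenSSL arguments next to the bytes OpenSSL uses. `DataFromOpenSSLHex` is a hypothetical helper, the key is a constructed sample, and the code assumes OpenSSL reads `-K` and `-iv` as hex and zero-pads short values.

```objc
#import <Foundation/Foundation.h>

// Hypothetical helper (not part of RNCryptor): converts a hex argument as
// given to `openssl enc -K` / `-iv` into raw bytes of the required length.
// Assumption: OpenSSL zero-pads short hex values, so `-iv 0` is 16 zero bytes.
static NSData *DataFromOpenSSLHex(NSString *hex, NSUInteger length) {
  if (hex.length > length * 2) return nil;                      // too long for this field
  NSMutableData *data = [NSMutableData dataWithLength:length];  // zero-filled
  uint8_t *bytes = data.mutableBytes;
  for (NSUInteger i = 0; i < hex.length; i++) {
    unichar c = [hex characterAtIndex:i];
    uint8_t nibble;
    if (c >= '0' && c <= '9')      nibble = (uint8_t)(c - '0');
    else if (c >= 'a' && c <= 'f') nibble = (uint8_t)(c - 'a' + 10);
    else if (c >= 'A' && c <= 'F') nibble = (uint8_t)(c - 'A' + 10);
    else return nil;                                            // not a hex digit
    // Even positions fill the high nibble, odd positions the low nibble.
    bytes[i / 2] |= (i % 2 == 0) ? (uint8_t)(nibble << 4) : nibble;
  }
  return data;
}

int main(void) {
  @autoreleasepool {
    // Constructed sample key (64 hex digits = 32 bytes), not a real key.
    NSString *hexKey = @"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f";

    // UTF-8 encoding the argument text yields the ASCII characters, not the values:
    // the key doubles in size and every IV byte is the character '0' (0x30).
    NSData *textKey = [hexKey dataUsingEncoding:NSUTF8StringEncoding];
    NSData *textIV = [@"00000000000000000000000000000000" dataUsingEncoding:NSUTF8StringEncoding];
    NSLog(@"text key: %lu bytes, text IV: %lu bytes, first IV byte: 0x%02x",
          (unsigned long)textKey.length, (unsigned long)textIV.length,
          ((const uint8_t *)textIV.bytes)[0]);

    // The bytes that match the OpenSSL command line.
    NSData *key = DataFromOpenSSLHex(hexKey, 32);  // AES-256 key: 32 bytes
    NSData *iv = DataFromOpenSSLHex(@"0", 16);     // AES block size: 16 bytes
    NSLog(@"key: %lu bytes, IV: %lu bytes, IV is all zero bytes: %d",
          (unsigned long)key.length, (unsigned long)iv.length,
          [iv isEqualToData:[NSMutableData dataWithLength:16]]);
  }
  return 0;
}
```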
@Rob Napier
Thank you very much, I quickly found the solution looking at the test cases. I mistyped bit there btw.
Very nice work !