使用 Apples CryptoKit 在 iOS 和 Kotlin/Java 之间进行跨平台 AES 加密

本文介绍了使用 Apples CryptoKit 在 iOS 和 Kotlin/Java 之间进行跨平台 AES 加密的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我想使用 Apples CryptoKit 将加密数据从运行 kotlin 应用程序的服务器发送到 iOS 应用程序.我在初始化 AES.GCM.SealedBox 和解密数据时遇到问题.总的来说，我不明白 Sealboxstag 的用途.

I want to send encrypted data form a server running a kotlin application to an iOS App using Apples CryptoKit.I have problems to initialize a AES.GCM.SealedBox and decrypt the data. In general I don't understand what Sealboxstag is for.

首先是 Kotlin 方面:

So first Kotlin side:

        fun ByteArray.aesEncrypt(key: ByteArray, iv: ByteArray? = null): ByteArray {
            return aes(this, Cipher.ENCRYPT_MODE, key, iv)
        }
        private fun aes(self: ByteArray, mode: Int, key: ByteArray, iv: ByteArray?): ByteArray{
            val skey = SecretKeySpec(key, "AES")
            val cipher = Cipher.getInstance("AES/GCM/PKCS5Padding")
            println("MODE: ${cipher.algorithm}")
            iv?.let {
                cipher.init(mode, skey, GCMParameterSpec(128, iv))
            }?: run{
                cipher.init(mode, skey)
            }
            val cipherText = ByteArray(cipher.getOutputSize(self.size))
            var ctLength = cipher.update(self, 0, self.size, cipherText, 0)
            ctLength += cipher.doFinal(cipherText, ctLength)
            return cipherText
        }

iOS:

    static private let privateKey = SymmetricKey(size: SymmetricKeySize.bits128)
    static private let nonce = AES.GCM.Nonce()

    static func decrypt(_ data: Data) -> Data {
        print("Encrypted data (data.bytes)")
        print("Private key: (privateKey.data.bytes)")
        print("Nonce: (Array(nonce))")
        let boxToDecrypt = try! AES.GCM.SealedBox(combined: data)
        let plainData = try! AES.GCM.open(boxToDecrypt, using: privateKey)
        return plainData
    }

当然，双方都有相同的密钥和 iv/nonce.我遇到的错误消息是:

Of cause both sides have the same key and iv/nonce. The error message I'm running into is:

CryptoKit.CryptoKitError.incorrectParameterSize

在线:

let boxToDecrypt = try! AES.GCM.SealedBox(combined: data)

编辑我:其他有效载荷信息:

EDIT I:Additional payload info:

服务器(Kotlin):

Server(Kotlin):

Not encrypted: 0,0,0,0,0,0,0,1
Key: 169,152,60,154,77,50,10,63,60,166,48,129,1,68,219,250
IV: 134,191,34,26,111,146,17,54,31,212,74,14
Encrypted: 158,154,213,95,227,42,155,199,169,183,166,67,139,154,198,172,229,82,34,30,40,188,41,73

客户端(iOS):

Encrypted data [158, 154, 213, 95, 227, 42, 155, 199, 169, 183, 166, 67, 139, 154, 198, 172, 229, 82, 34, 30, 40, 188, 41, 73]
Nonce: [134, 191, 34, 26, 111, 146, 17, 54, 31, 212, 74, 14]
Private key: [169, 152, 60, 154, 77, 50, 10, 63, 60, 166, 48, 129, 1, 68, 219, 250]

推荐答案

你能在你的设置中试试这个(或类似的东西)吗?从我不明白的您需要用随机数作为数据前缀，因为来自 kotlin/java 的数据包含密文和末尾的标签.CryptoKit 需要 nonce ||密文 ||标签.

could you try this (or something like it) with your setup. From what I undestandyou need to prefix data with nonce, because data from kotlin/java contains the cipher text plus the tag at the end. CryptoKit needs nonce || ciphertext || tag.

func decrypt(data: Data) -> String {
    // need to prefix data with nonce, because data from kotlin/java contains the cipher text plus the tag at the end.
    // we want nonce || ciphertext || tag for CryptoKit to be happy
    let combine = nonce + data
    if let myNewSealedBox = try? AES.GCM.SealedBox(combined: combine),
        let res = try? AES.GCM.open(myNewSealedBox, using: mykey),
        let myText = try? String(decoding: res, as: UTF8.self) {
        return myText
    }
    return ""
}

这篇关于使用 Apples CryptoKit 在 iOS 和 Kotlin/Java 之间进行跨平台 AES 加密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！