RNCryptor-iOS to RNCryptor-PHP with base64

402 views
Skip to first unread message

Jeroen Kooiker

unread,
Nov 17, 2014, 3:51:42 AM11/17/14
to rncr...@googlegroups.com

Hi all,

I have an iOS app that uses a webservice. The communication of passwords and other sensitive information should be encrypted.
I've been trying things for hours, but I can't really get it working. I think that the problem lies in the communication between both.

The way I do it is as following: (this is only from iOS to PHP)

I made my own Security-class where the key for AES256 is calculated etc. This is the method I use for encrypting:

+ (NSData *)encrypt:(NSString *)string


{


    NSData *encryptedString;


    NSError *error;


   


    encryptedString = [RNEncryptor encryptData:[string dataUsingEncoding:NSUTF8StringEncoding]


                                  withSettings:kRNCryptorAES256Settings


                                      password:[MAEncryptDecrypt encryptDecryptKey]


                                         error:&error];


   


    return encryptedString;


}

This will encrypt a NSString with kRNCryptorAES256. encryptDecryptKey is for now a static value, but that will be somewhat random (well, not actually random, because the PHP-side should be able to recalculate that key...).
string is the string that will be encrypted. ([string dataUsingEncoding:NSUTF8StringEncoding] is the right approach here, right?)

Sending the encrypted string to the server goes like this:

NSData *encryptedString = [MAEncryptDecryptencrypt:@"hi, this will be encrypted..."]; // encrypts it using the above method
NSString *base64encoded = [encrypted base64EncodedStringWithOptions:0]; // encodes it with base64, so it can be send

NSMutableURLRequest *url = [[NSMutableURLRequest alloc] initWithURL:[[NSURL alloc] initWithString:API_URL] cachePolicy:NSURLRequestReturnCacheDataElseLoad timeoutInterval:30];


[url setHTTPMethod:@"POST"];

// here the encrypted-string is added to the HTTP-body. q=encoded
NSString *HTTPBody = [NSString stringWithFormat@"q=%@", encoded];
[url setHTTPBody:[HTTPBody dataUsingEncoding:NSUTF8StringEncoding]];

[NSURLConnection connectionWithRequest:url delegate:self]; // send it to the server

If I NSLog some thing, encryptedString is:

<0301fecc d6fb4823 89a063b6 03269e91 872d82d0 fb01c421 7ea5aa5a def9af07 b32f9d06 34e93d63 5a408cf7 34f603f0 ebfc645d e02a2447 c4c71d14 a74eaa9f 67a9492b 12015b33 f18dcf56 6ca9e21d 62f30310 2e387673 79af66fd 4e2daa82 cda7>


base64encoded is:

AwH+zNb7SCOJoGO2AyaekYctgtD7AcQhfqWqWt75rwezL50GNOk9Y1pAjPc09gPw6/xkXeAqJEfExx0Up06qn2epSSsSAVsz8Y3PVmyp4h1i8wMQLjh2c3mvZv1OLaqCzac=


On the PHP-side the q= :

AwH zNb7SCOJoGO2AyaekYctgtD7AcQhfqWqWt75rwezL50GNOk9Y1pAjPc09gPw6/xkXeAqJEfExx0Up06qn2epSSsSAVsz8Y3PVmyp4h1i8wMQLjh2c3mvZv1OLaqCzac=


But I get a 500 internal server error. Does this have to do with the fact that the + has become a space? Why is that?


I have been struggling with this for hours. After this there are some more problems, but maybe if this is solved I'm able to solve those too. So this is my first question.


Hopefully someone here can help me with this!

Thank you in advance! :)

Eamon White

unread,
Dec 18, 2014, 12:20:43 AM12/18/14
to rncr...@googlegroups.com
I am doing almost the exact same thing....and I think the error has to do with the fact that the '+' sign is being removed from the base46 encoded string on the php side...I am noticing the same thing - you say your output is "AwH zNb7SCOJoGO2AyaekYctgtD7AcQhfqWqWt75rwezL50GNOk9Y1pAjPc09gPw6/xkXeAqJEfExx0Up06qn2epSSsSAVsz8Y3PVmyp4h1i8wMQLjh2c3mvZv1OLaqCzac="...and I think it should be "AwH+zNb7SCOJoGO2AyaekYctgtD7AcQhfqWqWt75rwezL50GNOk9Y1pAjPc09gPw6/xkXeAqJEfExx0Up06qn2epSSsSAVsz8Y3PVmyp4h1i8wMQLjh2c3mvZv1OLaqCzac=" - I'm going to write a function that looks for whitespace in the string and replaces it with a '+' sign...because I'm guessing that might fix this problem in our case...but I'm also not sure if that is a good fix (if it ends up working) - I'll post back and let you know how it goes...I would like to get an answer on this too!

Eamon White

unread,
Dec 18, 2014, 12:27:06 AM12/18/14
to rncr...@googlegroups.com
A great result! I got a successful result with curl in my terminal - testing my app right now and.........nope - bad result...but good news is it looks like its a stupid client side mistake now instead of php spitting out a whitespace for that '+' sign....why does that happen? I'll let you know when I have this fully resolved.


On Monday, November 17, 2014 3:51:42 AM UTC-5, Jeroen Kooiker wrote:

Steven Schobert

unread,
Dec 19, 2014, 11:12:17 PM12/19/14
to rncr...@googlegroups.com
Try URL-encoding your encrypted string before sending it your server.

If you are sending the base64 string to the server as a query parameter, or if you are posting it using application/x-www-form-urlencoded, then your PHP server is going to assume that encrypted string has been URL-encoded. In URL-encoded strings, that + character represents a space, which is why you are getting a seeing space instead of the + on the PHP side.

So to summarize, on the iOS side you should encrypt, then base64, then URL-encode. The PHP server will then automatically url-decode that string for you, and you can then un-base64 it, and decrypt.
Reply all
Reply to author
Forward
0 new messages