Search code examples
objective-ccommoncrypto

Determine if key is incorrect with CCCrypt kCCOptionPKCS7Padding-Objective C

I am working on incorporating encryption for data stored in my application. I have gotten pretty far in that I am encrypting and decrypting data, my problem is that I cannot seem to force an obvious decryption error when the wrong key is used. My decrypt function:

+ (NSData *)decryptedDataForData:(NSData *)data
                    password:(NSString *)password
                          iv:(NSData *)iv
                        salt:(NSData *)salt
                       error:(NSError **)error {
NSAssert(iv, @"IV must not be NULL");
NSAssert(salt, @"salt must not be NULL");

NSData *key = [self AESKeyForPassword:password salt:salt];

size_t outLength;
NSMutableData *
decryptedData = [NSMutableData dataWithLength:data.length];

CCCryptorStatus
result = CCCrypt(kCCDecrypt,
                 kAlgorithm,
                 kCCOptionPKCS7Padding,
                 key.bytes,
                 key.length,
                 iv.bytes,
                 data.bytes,
                 data.length,
                 decryptedData.mutableBytes,
                 decryptedData.length,
                 &outLength);

if (result == kCCSuccess) {
    decryptedData.length = outLength;
}
else {
    if (error) {
        *error = [NSError errorWithDomain:kRNCryptManagerErrorDomain
                                     code:result
                                 userInfo:nil];
    }
    return nil;
}

return decryptedData;

}

This is taken from http://robnapier.net/aes-commoncrypto for reference.

According to the CCCrypt documentation, I should receive a kCCDecodeError if my data does not properly decrypt, so I assume that the decrypt operation was successful, just gave garbage data due to the wrong key.

So, what is the best practice for determining if the correct key was used to decrypt the data?

Solution

  • kCCDecodeError does not provide information if the correct key is used, just if there are gross errors.

    The only way to know if the key is correct is to verify the output. The output can be verified in total or with a hash or other verification such as knowing it should be good output that makes sense in some fashion.

    Answering the best practice to determine if the key was correct:

    1. That is not a function of encryption and having such a method reduces the security by essentially providing a crib to an attacker. See Known-plaintext attack.

    2. Other than launching an attack one knows the correct key and uses it.

    3. If you need to be able to determine is decryption was correct add something that can be checked such as a hash of the data or a magic value and verify that on decryption. See 1. above.

    4. For secure authentication see one of several references such as Applied Cryptography by Bruce Schneier, Practical Cryptography by Niels Ferguson, Bruce Schneier, Handbook of Applied Cryptography and many more.

    In general if you want real security hire a cryptographic domain expert.