
Trying To Make Sense of RNCryptor


I am working on a project and we need to encrypt some user credentials (username, password, userId, etc.) to pass to our server. We have decided to use AES256 in order to achieve this. Doing some research on this subject, it was hard to avoid noticing a project out there, RNCryptor, that claims to be an easy-to-use solution to this problem.

So I included the framework into my project and soon realized it was not as straightforward as I thought. I was hoping for a solution where I could encrypt my credential strings by simply: (1) deriving a key that I would like to encrypt my stringed credentials with, (2) passing the key and my string into the appropriate RNCryptor method, (3) retrieving my encrypted string back from said method.

This would be too good to be true however.

The reality of RNCryptor is that it has methods like this:

[RNEncryptor encryptData:someData 
            withSettings:kRNCryptorAES256Settings
                password:someString
                   error:&someError];

This is confusing because of the terminology.

WHAT IS PASSWORD?

This is never explained. A password for what? Is this for a user password I want to encrypt, the password key that I want to encrypt with, or the password to login to my computer (sarcasm).

ENCRYPT DATA?

Is this a UTF8 encoded string of the user credentials that I want to encrypt? That is my best guess but again, not explained in the RNCryptor Github "documentation".


Solution

  • password is used to generate the encryption key; it is an NSString the data is encrypted with. encryptData is the data to encrypt and is an NSData.

    Encryption works with data, that is, an array of 8-bit bytes. You need to convert whatever you have to an NSData. For an NSString there is the method:

    NSData *dataToBeEncrypted = [myString dataUsingEncoding:NSUTF8StringEncoding];
    

    and

    NSString *myString = [[NSString alloc] initWithData:decryptedData encoding:NSUTF8StringEncoding];
    

    Additionally it requires an encryption key; RNCryptor takes an NSString and derives an encryption key from it.

    There are of course options, and while most of these are handled internally by RNCryptor there are still some available to the developer using it.

    There are two main versions with more options; you are probably best off using the password version.

    One taking an NSString password:

    + (NSData *)encryptData:(NSData *)data withSettings:(RNCryptorSettings)settings password:(NSString *)password error:(NSError **)error;
    

    A second taking an NSData encryption key as well as an NSData authentication key.

    + (NSData *)encryptData:(NSData *)data withSettings:(RNCryptorSettings)settings encryptionKey:(NSData *)encryptionKey HMACKey:(NSData *)HMACKey error:(NSError **)error;
    

    RNCryptor is your best choice; it handles key derivation from a password, a random IV, authentication of the encrypted data and padding.
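
The string-to-data conversion and the password method described in the answer above, put together as a round trip. This is an added example, not code from the original post or from the RNCryptor project; it assumes RNCryptor's Objective-C API, including `+[RNDecryptor decryptData:withPassword:error:]`, which does not appear on the page, and the helper names and sample values are constructed.

```objective-c
// Added example, not from the original answer. Assumes RNCryptor's Objective-C
// classes are linked in. Helper names and sample values are constructed.
#import <Foundation/Foundation.h>
#import "RNEncryptor.h"
#import "RNDecryptor.h"

// Encrypt a string under a password; return Base64 text suitable for transport.
static NSString *EncryptToBase64(NSString *plaintext, NSString *password, NSError **error) {
    NSData *plain = [plaintext dataUsingEncoding:NSUTF8StringEncoding];
    NSData *cipher = [RNEncryptor encryptData:plain
                                 withSettings:kRNCryptorAES256Settings
                                     password:password
                                        error:error];
    // Ciphertext is arbitrary bytes, not UTF-8 text, so Base64-encode it.
    return [cipher base64EncodedStringWithOptions:0];  // nil if encryption failed
}

// Reverse of the above; returns nil on bad Base64, wrong password or tampering.
static NSString *DecryptFromBase64(NSString *base64, NSString *password, NSError **error) {
    NSData *cipher = [[NSData alloc] initWithBase64EncodedString:base64 options:0];
    if (cipher == nil) return nil;
    NSData *plain = [RNDecryptor decryptData:cipher withPassword:password error:error];
    if (plain == nil) return nil;
    return [[NSString alloc] initWithData:plain encoding:NSUTF8StringEncoding];
}

int main(void) {
    @autoreleasepool {
        NSError *error = nil;
        NSString *password = @"constructed sample passphrase";
        NSString *secret = @"userId=1001";

        NSString *first = EncryptToBase64(secret, password, &error);
        NSString *second = EncryptToBase64(secret, password, &error);
        if (first == nil || second == nil) { NSLog(@"encrypt failed: %@", error); return 1; }
        // The random IV (and key-derivation salt) make each message differ.
        NSLog(@"outputs differ: %d", ![first isEqualToString:second]);

        NSLog(@"round trip: %@", DecryptFromBase64(first, password, &error));

        // A wrong password fails the HMAC check: nil result, error populated.
        error = nil;
        NSString *bad = DecryptFromBase64(first, @"wrong passphrase", &error);
        NSLog(@"wrong password -> %@ (%@)", bad, error.localizedDescription);
    }
    return 0;
}
```

Always check the returned value for nil before using it: a nil result from decryption is how a wrong password or modified ciphertext is reported.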