0

I have an android project that uses BasicTextEncryptor to encrypt and decrypt some information from a server. I'm implementing an iOS version and would like to know if there is an iOS equivalent version of this that uses the same method of encryption/decryption?

This is the encryption framework for java http://www.jasypt.org/api/jasypt/1.8/org/jasypt/util/text/BasicTextEncryptor.html

Thank you in advance

Improve this question

1 Answer 1

Reset to default
1

Notice that BasicTextEncryptor is deprecated. It uses DES and MD5 for password to key generation. These should not be used for new work. DES uses a 56 bit key which is considered to short, even when DES is used today it is usually used in 3DES form which provided 112 or 168 bit keys.

The additional problem is that it will require substantial digging to get all the information and options used by BasicTextEncryptor.

Your best option is to use current cryptographic methods and methods that clearly layout the options and methods used, these are: PBKDF2 and AES.

PBKDF2 is a method to create a secure encryption key from a password. PBKDF2 stands for "Password-Based Key Derivation Function 2", you will need tp know the number of rounds used. This is the replacement for the use of MD5.

AES stands for "Advanced Encryption Standard" and supports 128 and 256 bit keys.
The options you will need to know for compatibility are:

  • Encryption mode
  • IV (Initialization Vector)
  • Padding
  • Key size

Both PBKDF2 and AES are supported by iOS CommonCrypto.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Thank you for your comment, it was really helpful. I'm not sure at this point if editing the android project will be an option. If it turns out that I'll need to stick with the DES and MD5 way of doing things can you tell me if that is something that would be difficult or even possible to write for iOS?
Sure you can do it but as I pointed out you will have to figure out exactly what BasicTextEncryptor is doing. Just dig down through the java libraries. BasicTextEncryptor is just a wrapper that is around the fundamental crypto operations. Most of these wrappers are not designed for interoperability, if the were they would explicitly state the underlying operations, parameters and options. As for changing, well, the real question is: Are you trying to provide real security or just the appearance.
Thank you. If it were up to me I would opt for the more secure option without question. Unfortunately all I can do is offer my advice and see how it goes. I also don't know very much about encryption or cryptography so I may not make the case very well. Thanks again for the advice.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.