AES ECB (128 bits)

Hi,


I would like to perform AES ECB (128 bits) encryption.


I understand CryptoKit is available however I could only see AES GCM encryption.


Questions:

- Is it possible to do AES ECB encryption using CryptoKit ?

- For older OS (example less than iOS 13 and macOS 10.15) what is the recommended framework / approach ?

- Is there is any code sample / documentation / video on using the alternate framework ? (would help me as I am new to encryption)


Note: I was hoping to use native frameworks as much as possible but was also scared of doing it on my own as I am new to it.


Many thanks.

Accepted Reply

CryptoKit’s AES support only extends to AES-GCM. This is not an accidental omission. One of the goals of CryptoKit is to make it both easy to do the right thing and hard to do the wrong thing, and it’s very easy to do the wrong thing with ECB. For a vivid illustration of this, see the classic ECB penguin image.

Other folks have filed enhancement requests for other AES modes — for example, we have one for CBC (r. 51502441) — but I can’t see one for ECB. You should feel free to file one yourself. Please post your bug number, just for the record.

In the meantime, you can do AES-ECB using CommonCrypto. This is nowhere near as nice as CryptoKit, but it gets the job done.

I am new to encryption

Well, that’s a worry, given the fundamental problems associated with ECB. Why are you using AES-ECB?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Replies

- Is it possible to do AES ECB encryption using CryptoKit ?

Their documentation says it is possible. h ttps://cryptoswift.io

Thanks Claude31, I was hoping that I could use Apple frameworks directly instead of 3rd party frameworks

CryptoKit’s AES support only extends to AES-GCM. This is not an accidental omission. One of the goals of CryptoKit is to make it both easy to do the right thing and hard to do the wrong thing, and it’s very easy to do the wrong thing with ECB. For a vivid illustration of this, see the classic ECB penguin image.

Other folks have filed enhancement requests for other AES modes — for example, we have one for CBC (r. 51502441) — but I can’t see one for ECB. You should feel free to file one yourself. Please post your bug number, just for the record.

In the meantime, you can do AES-ECB using CommonCrypto. This is nowhere near as nice as CryptoKit, but it gets the job done.

I am new to encryption

Well, that’s a worry, given the fundamental problems associated with ECB. Why are you using AES-ECB?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Hi Quinn,


Sorry for the delayed response.


Reason for using AES ECB:

We are using AES ECB to interact with a bluetooth Peripheral from the mobile. I was told by the hardware engineer that there was limitation and only AES ECB was supported by the Bluetooth Peripheral.


Thanks for Wikipedia link explaining why AES ECB is not recommended.


CryptoKit:

I agree with you, I love CryptoKit, makes encryption so much more accessible for someone like me.


Common Crypto:

- Thanks to you for suggesting common crypto https://developer.apple.com/security (Common Crypto Library)

- Your suggestion led me to the Crypto services https://developer.apple.com/library/archive/documentation/Security/Conceptual/cryptoservices/CryptographyConcepts/CryptographyConcepts.html#//apple_ref/doc/uid/TP40011172-CH8-SW1


Bug Reports Filed:

- FB7402419 requesting if AES ECB can be made available under Insecure.

- FB7402452 requesting to include CryptoKit links on https://developer.apple.com/security, so that developers can discover all options from the main security webpage.


Thank you so much Quinn, for taking the time to respond to this, really appreciate it, I have several times found many of your posts very helpful, thank you !