3 Replies
      Latest reply on Jun 27, 2018 9:04 AM by flarosa
      flarosa Level 1 (0 points)



        I'm trying to figure out how to encrypt some data using an AES key. I also need to generate the AES key. My project is in Swift so I'd prefer to keep the code in Swift if possible.


        My research suggests that an AES key is simply 256 random bits, which can be created this way:

          var aesKeyBytes = [UInt8](repeating: 0, count: 32)
          _ = SecRandomCopyBytes(kSecRandomDefault, 32, &aesKeyBytes)


        So far so good, that code seems to fill the array with random bytes.


        What happens next is very hazy. I think I need a SecKey object so I can call the SecKeyEncrypt function. I tried creating one this way:

          let aesKeyData = Data(aesKeyBytes)
          let aesKeyDict:[NSObject:NSObject] = [
               kSecAttrKeyType: kSecAttrKeyTypeRSA,
               kSecAttrKeyClass: kSecAttrKeyClassSymmetric,
               kSecAttrKeySizeInBits: NSNumber(value: 256),
               kSecReturnPersistentRef: true as NSObject
          ]
          let aesKey = SecKeyCreateWithData(aesKeyData as CFData, aesKeyDict as CFDictionary, nil)


        It doesn't work though. The value of aesKey is nil after the function call. If I add the error parameter, the error reads:

        "Unsupported symmetric key type: 42"


        I suspect that kSecAttrKeyType should be something other than RSA, but I can't figure out what. In the documentation, it says I can use kSecAttrKeyTypeAES, but no such symbol actually exists in the code.



        • Re: Encrypt using AES key?
          flarosa Level 1 (0 points)

          After digging around in the documentation, I think the function I need is SecKeyCreateFromData rather than SecKeyCreateWithData. But when I type that into my app, it isn't recognized as a valid function.


          The documentation seems to suggest that SecKeyCreateFromData and kSecAttrKeyTypeAES are only available in Mac OS, which I can only guess is some kind of typo? I can't believe that AES encryption isn't available in iOS.

          • Re: Encrypt using AES key?
            eskimo Apple Staff (9,685 points)

            You are, alas, completely off in the weeds )-:  SecKeyEncrypt is for use with asymmetric encryption, like RSA or EC.  For symmetric encryption, like AES, you’ll need to use Common Crypto.  The CryptoCompatibility sample code shows the way.

            > My project is in Swift so I'd prefer to keep the code in Swift if possible.

            This is quite challenging.  Common Crypto is not a nice API to call from Swift in general.  Moreover, prior to Xcode 10 (currently in beta), even importing the module is un-fun.  My recommendation is that you take the code from CryptoCompatibility, wrap it into a nice Objective-C class method that’s easy to call from Swift, and call that.

            Share and Enjoy

            Quinn “The Eskimo!”
            Apple Developer Relations, Developer Technical Support, Core OS/Hardware
            let myEmail = "eskimo" + "1" + "@apple.com"
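
The Common Crypto route described in the reply above, as an added Swift example that is not part of the thread and is not taken from Apple's CryptoCompatibility sample. It assumes Xcode 10 or later (so that `import CommonCrypto` works); AES-256-CBC with PKCS#7 padding, the IV-prefixed output layout, and all function names are choices made for this example.

```swift
import Foundation
import Security
import CommonCrypto  // importable from Swift directly as of Xcode 10

enum AESError: Error { case random(OSStatus), crypt(CCCryptorStatus), badInput }

// Hypothetical helper: `count` bytes from the system CSPRNG, status checked.
func randomBytes(_ count: Int) throws -> Data {
    var bytes = [UInt8](repeating: 0, count: count)
    let status = SecRandomCopyBytes(kSecRandomDefault, count, &bytes)
    guard status == errSecSuccess else { throw AESError.random(status) }
    return Data(bytes)
}

// Hypothetical helper: one-shot AES-256-CBC with PKCS#7 padding via CCCrypt.
func aesCBC(_ op: Int, key: Data, iv: Data, input: Data) throws -> Data {
    guard key.count == kCCKeySizeAES256, iv.count == kCCBlockSizeAES128 else {
        throw AESError.badInput
    }
    // Padding can add up to one full block on encryption.
    var out = [UInt8](repeating: 0, count: input.count + kCCBlockSizeAES128)
    let capacity = out.count
    var moved = 0
    let status = CCCrypt(CCOperation(op), CCAlgorithm(kCCAlgorithmAES),
                         CCOptions(kCCOptionPKCS7Padding),
                         [UInt8](key), key.count, [UInt8](iv),
                         [UInt8](input), input.count,
                         &out, capacity, &moved)
    guard Int(status) == kCCSuccess else { throw AESError.crypt(status) }
    return Data(out[0..<moved])
}

// A fresh random IV per message, stored in front of the ciphertext.
func encrypt(_ plaintext: Data, key: Data) throws -> Data {
    let iv = try randomBytes(kCCBlockSizeAES128)
    return try iv + aesCBC(kCCEncrypt, key: key, iv: iv, input: plaintext)
}

func decrypt(_ blob: Data, key: Data) throws -> Data {
    guard blob.count > kCCBlockSizeAES128 else { throw AESError.badInput }
    let iv = Data(blob.prefix(kCCBlockSizeAES128))
    let body = Data(blob.dropFirst(kCCBlockSizeAES128))
    return try aesCBC(kCCDecrypt, key: key, iv: iv, input: body)
}

// Round trip on a constructed sample message.
let key = try randomBytes(kCCKeySizeAES256)        // the 256 random bits
let message = Data("constructed sample message".utf8)
let sealed = try encrypt(message, key: key)
assert(try decrypt(sealed, key: key) == message)
```

CBC on its own does not detect tampering, so a stored or transmitted format would also carry a MAC (for example HMAC over IV and ciphertext, computed with a separate key).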