AES not encoding .utf8

Hi team, i had this issue where my aesDecryt is not enconding to .utf8


staticfunc aesDecrypt(_ cadena: String, keySource: [UInt8], closure: @escaping (Bool, Any) -> Void) {
      
        let bytesBase64 = Array.init(base64: cadena)
        if bytesBase64.count > 0 {
            let llave: Array = Array(keySource[0 ..< 16])
            let valor: Array = Array(keySource[16 ..< 32])
            let data: Array = Array(bytesBase64[16 ..< bytesBase64.count])

            do {
                let aes = try AES(key: llave, blockMode: CBC(iv: valor), padding: Padding.pkcs5)
                let aesDecriptado = try aes.decrypt(bytesBase64)
                if let cadena = String(bytes: aesDecriptado, encoding: .utf8) {
                  
                    closure(true, cadena)
                    print("true response: \(cadena)")
                } else {
                    closure(false, "Not valid string 1")
                }
            } catch {
                closure(false, "decoding error: \(error).")
            }
        } else {
            closure(false, "Not valid string 1")
        }
    }



this is how i call my method


let gID = "sPgFZceJ4Aqc8oiRIVlt8A=="
let  KeysoruceByte = [112, 98, 90, 244, 255, 107, 76, 169, 120, 30, 16, 181, 121, 82, 54, 172, 122, 60, 165, 73, 8, 73, 169, 152, 209, 233, 67, 115, 77, 124, 47, 6, 111, 114, 197, 11, 58, 25, 3, 39, 203, 76, 155, 206, 195, 60, 176, 164, 251, 77, 54, 138, 6, 120, 43, 13, 43, 43, 16, 124, 64, 97, 179, 188]

SecurityMethods.aesDecrypt(gID ?? "", keySource: keySourceByte) { (response, idn) in
                        if response == true {
                            print("responde true")
                            DBManager.shared.deleteIDNEntity()
                           
                            print("este es el idN: \(idn)")
                            if UserSingleton.getInstance().pushToken == ""{
                                self.firebaseToken.getIdN(self.application, callbackToken: self, cGoogleID: idn as! String)
                            }

why this is not a valid String

i had printed every param in my aes method


bytesBase64: [176, 248, 5, 101, 199, 137, 224, 10, 156, 242, 136, 145, 33, 89, 109, 240]

count: 16

llave: [112, 98, 90, 244, 255, 107, 76, 169, 120, 30, 16, 181, 121, 82, 54, 172]

valor: [122, 60, 165, 73, 8, 73, 169, 152, 209, 233, 67, 115, 77, 124, 47, 6]

data: []

valor aes CryptoSwift.AES

aesdecriptado: [150, 227, 55, 227, 153, 182, 70, 184, 10, 99, 8, 165, 193, 255, 74, 170]

Up vote post of InvaDerZim Down vote post of InvaDerZim
1.3k views
Posted by
InvaDerZim
Reply
Add a Comment

Accepted Reply

You seem to be using a third-party library for AES. You might have more luck asking that question via the support channel for that library.

Having said that, there’s something very weird going on with your code. You seem to have set things up so that the first 16 bytes of 

keySource
are the AES key and the second 16 bytes are the AES VI. So far so good. Next, 
cadena
seems to be a Base64 encoding of the cypher text. But then you calculate 
data
by dropping the first 16 bytes of that. And then you ignore 
data
. What’s that about?

Also, in your test case 

KeysoruceByte
is 64 bytes long, so it’s not clear why you’re only looking at the first 32 bytes.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Post marked as solved
Add a Comment

Replies

You seem to be using a third-party library for AES. You might have more luck asking that question via the support channel for that library.

Having said that, there’s something very weird going on with your code. You seem to have set things up so that the first 16 bytes of 

keySource
are the AES key and the second 16 bytes are the AES VI. So far so good. Next, 
cadena
seems to be a Base64 encoding of the cypher text. But then you calculate 
data
by dropping the first 16 bytes of that. And then you ignore 
data
. What’s that about?

Also, in your test case 

KeysoruceByte
is 64 bytes long, so it’s not clear why you’re only looking at the first 32 bytes.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Post marked as solved
Add a Comment

thanks for answer i wasn't using 'data' as you said i already fix that and about those missing 32 bytes, im only using the first 16 to obtain the key to decrypt the message, and valor from 16 to 32 for my decrypt method aswell i have tryed to change my method to decrypt the array of bytes but still without a clue why this isn't a valid string


staticfunc aesDecrypt(_ cadena: String, keySource: [UInt8], closure: @escaping (Bool, Any) -> Void) {
       
        let bytesBase64 = Array.init(base64: cadena)
        if bytesBase64.count > 0 {
            let llave: Array = Array(keySource[0 ..< 16])
            let valor: Array = Array(keySource[16 ..< 32])
            let data: Array = Array(bytesBase64[0 ..< bytesBase64.count])
           
            do {
                let aes = try AES(key: llave, blockMode: CBC(iv: valor), padding: Padding.pkcs5)
                let aesDecriptado = try aes.decrypt(data)

                if let cadena = String(bytes: aesDecriptado, encoding: .utf8) {
                    closure(true, cadena)
                    print("true : \(cadena)")
                } else {
                    closure(false, "not a validString 1")
                }
            } catch {
                closure(false, "bad decoding: \(error).")
            }
        } else {
            closure(false, not a valid string 2")
        }
    }


it's weird because this is the data from a fail test
it gaves the error not a valid string

let gID =  "KNwQdv0AD8JJB3JX2mh1dQ=="
let KeysoruceByte = [99, 16, 165, 104, 95, 153, 132, 90, 82, 107, 156, 95, 190, 204, 158, 152, 251, 74, 2, 117, 200, 86, 39, 156, 187, 90, 184, 21, 119, 217, 163, 204, 167, 213, 251, 78, 66, 46, 107, 72, 26, 77, 43, 51, 76, 24, 97, 152, 220, 112, 133, 177, 32, 234, 106, 20, 6, 65, 208, 92, 249, 80, 155, 251]



and this a success case

let gID = "UbWnBI/rH40HkRChiFW2ZQ=="
let KeysoruceByte = [146, 40, 137, 171, 165, 67, 228, 177, 250, 13, 59, 214, 116, 183, 18, 228, 128, 179, 227, 95, 146, 117, 165, 64, 149, 73, 114, 141, 238, 160, 34, 219, 6, 217, 69, 136, 52, 215, 186, 212, 129, 228, 244, 212, 66, 159, 53, 251, 172, 66, 68, 236, 5, 235, 62, 192, 126, 16, 104, 30, 144, 57, 196, 4]


after the method is call inmediatly runs this

let bytesBase64 = Array.init(base64: cadena)


bytesBase64: [81, 181, 167, 4, 143, 235, 31, 141, 7, 145, 16, 161, 136, 85, 182, 101] it prints this and .count is 16


the keySource printed:[146, 40, 137, 171, 165, 67, 228, 177, 250, 13, 59, 214, 116, 183, 18, 228, 128, 179, 227, 95, 146, 117, 165, 64, 149, 73, 114, 141, 238, 160, 34, 219, 6, 217, 69, 136, 52, 215, 186, 212, 129, 228, 244, 212, 66, 159, 53, 251, 172, 66, 68, 236, 5, 235, 62, 192, 126, 16, 104, 30, 144, 57, 196, 4] ------ .count: 64


and it a valid string here's the values printed

llave: [146, 40, 137, 171, 165, 67, 228, 177, 250, 13, 59, 214, 116, 183, 18, 228]   // .count16
valor: [128, 179, 227, 95, 146, 117, 165, 64, 149, 73, 114, 141, 238, 160, 34, 219]   // .count16
data: [81, 181, 167, 4, 143, 235, 31, 141, 7, 145, 16, 161, 136, 85, 182, 101]   // .count16
valor aes CryptoSwift.AES
aesdecriptado: [50, 48, 49, 50, 52, 55, 48, 54, 57, 50, 49, 57]  // .count12
response true
valid string idN: 201247069219



but when it comes to the error:



bytesBase64: [81, 181, 167, 4, 143, 235, 31, 141, 7, 145, 16, 161, 136, 85, 182, 101] it prints this and .count is 16


the keySource printed: [99, 16, 165, 104, 95, 153, 132, 90, 82, 107, 156, 95, 190, 204, 158, 152, 251, 74, 2, 117, 200, 86, 39, 156, 187, 90, 184, 21, 119, 217, 163, 204, 167, 213, 251, 78, 66, 46, 107, 72, 26, 77, 43, 51, 76, 24, 97, 152, 220, 112, 133, 177, 32, 234, 106, 20, 6, 65, 208, 92, 249, 80, 155, 251] ------ .count: 64



and it a valid string here's the values printed

llave: [99, 16, 165, 104, 95, 153, 132, 90, 82, 107, 156, 95, 190, 204, 158, 152] //.count: 16
valor: [251, 74, 2, 117, 200, 86, 39, 156, 187, 90, 184, 21, 119, 217, 163, 204] //.count: 16
data: [40, 220, 16, 118, 253, 0, 15, 194, 73, 7, 114, 87, 218, 104, 117, 117] //.count: 16
valor aes CryptoSwift.AES
aesdecriptado: [100, 234, 14, 199, 41, 95, 71, 232, 35, 183, 208, 70, 97, 173, 104, 231] //.count: 16
responde FALSE
not a valid string 1



the only difference i see is the 'aesdecriptado'

when it comes to sucess case it as 12 bits

aesdecriptado: [50, 48, 49, 50, 52, 55, 48, 54, 57, 50, 49, 57] //.count: 12


but its a fail case prints 16 bits


aesdecriptado: [100, 234, 14, 199, 41, 95, 71, 232, 35, 183, 208, 70, 97, 173, 104, 231] //.count: 16


that's why i tried to change my method to convert to string but still not working

Posted by
InvaDerZim
Up vote reply of InvaDerZim Down vote reply of InvaDerZim
Add a Comment

Are you sure you should be using PKCS#5 padding? According to The Fount of All Knowledge™, it is “only … defined for block ciphers that use a 64-bit (8-byte) block size”, and AES using a 16-byte block size. Does your crypto library have a 

Padding.pkcs7
option?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment

it's already fix, because i was taking a encrypted parameter to make 'keySource' so it was "encrypted" that was the mistake

thanks alot 🙂

Posted by
InvaDerZim
Up vote reply of InvaDerZim Down vote reply of InvaDerZim
Add a Comment