(Objective-C) Example: Crypt2.RandomizeIV method

Demonstrates using a random initialization vector for AES GCM encryption.

Chilkat Objective-C Library Downloads MAC OS X (Cocoa) Libs iOS Libs

#import <CkoCrypt2.h>
#import <NSString.h>
#import <CkoBinData.h>

// This example assumes the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

CkoCrypt2 *crypt = [[CkoCrypt2 alloc] init];

crypt.CryptAlgorithm = @"aes";
crypt.CipherMode = @"gcm";
crypt.KeyLength = [NSNumber numberWithInt:256];

NSString *K = @"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F";
NSString *AAD = @"feedfacedeadbeeffeedfacedeadbeefabaddad2";
NSString *PT = @"This is the text to be AES-GCM encrypted.";

// Generate a random IV.
[crypt RandomizeIV];
NSString *IV = [crypt GetEncodedIV: @"hex"];

[crypt SetEncodedKey: K encoding: @"hex"];

BOOL success = [crypt SetEncodedAad: AAD encoding: @"hex"];

// Return the encrypted bytes as base64
crypt.EncodingMode = @"base64";
crypt.Charset = @"utf-8";
NSString *cipherText = [crypt EncryptStringENC: PT];
if (crypt.LastMethodSuccess != YES) {
    NSLog(@"%@",crypt.LastErrorText);
    return;
}

// Get the GCM authenticated tag computed when encrypting.
NSString *authTag = [crypt GetEncodedAuthTag: @"base64"];

NSLog(@"%@%@",@"Cipher Text: ",cipherText);
NSLog(@"%@%@",@"Auth Tag: ",authTag);

// Let's send the IV, CipherText, and AuthTag to the decrypting party.
// We'll send them concatenated like this: [IV || Ciphertext || AuthTag]
// In base64 format.
CkoBinData *bdEncrypted = [[CkoBinData alloc] init];
[bdEncrypted AppendEncoded: IV encoding: @"hex"];
[bdEncrypted AppendEncoded: cipherText encoding: @"base64"];
[bdEncrypted AppendEncoded: authTag encoding: @"base64"];

NSString *concatenatedGcmOutput = [bdEncrypted GetEncoded: @"base64"];
NSLog(@"%@%@",@"Concatenated GCM Output: ",concatenatedGcmOutput);

// Sample output so far:

// -------------------------------------------------------------------------------------
// Now let's GCM decrypt...
// -------------------------------------------------------------------------------------

CkoCrypt2 *decrypt = [[CkoCrypt2 alloc] init];

// The values shared and agreed upon by both sides beforehand are: algorithm, cipher mode, secret key, and AAD.
// Sometimes the IV can be a value already known and agreed upon, but in this case the encryptor sends the IV to the decryptor.
decrypt.CryptAlgorithm = @"aes";
decrypt.CipherMode = @"gcm";
decrypt.KeyLength = [NSNumber numberWithInt:256];
[decrypt SetEncodedKey: K encoding: @"hex"];
[decrypt SetEncodedAad: AAD encoding: @"hex"];

CkoBinData *bdFromEncryptor = [[CkoBinData alloc] init];
[bdFromEncryptor AppendEncoded: concatenatedGcmOutput encoding: @"base64"];

int sz = [bdFromEncryptor.NumBytes intValue];

// Extract the parts.
NSString *extractedIV = [bdFromEncryptor GetEncodedChunk: [NSNumber numberWithInt: 0] numBytes: [NSNumber numberWithInt: 16] encoding: @"hex"];
NSString *extractedCipherText = [bdFromEncryptor GetEncodedChunk: [NSNumber numberWithInt: 16] numBytes: [NSNumber numberWithInt: (sz - 32)] encoding: @"base64"];
NSString *expectedAuthTag = [bdFromEncryptor GetEncodedChunk: [NSNumber numberWithInt: (sz - 16)] numBytes: [NSNumber numberWithInt: 16] encoding: @"base64"];

// Before GCM decrypting, we must set the authenticated tag to the value that is expected.
// The decryption will fail if the resulting authenticated tag is not equal to the expected result.
success = [decrypt SetEncodedAuthTag: expectedAuthTag encoding: @"base64"];

// Also set the IV.
[decrypt SetEncodedIV: extractedIV encoding: @"hex"];

// Decrypt..
decrypt.EncodingMode = @"base64";
decrypt.Charset = @"utf-8";
NSString *decryptedText = [decrypt DecryptStringENC: extractedCipherText];
if (decrypt.LastMethodSuccess != YES) {
    // Failed.  The resultant authenticated tag did not equal the expected authentication tag.
    NSLog(@"%@",decrypt.LastErrorText);
    return;
}

NSLog(@"%@%@",@"Decrypted: ",decryptedText);