AES Decryption

Question

TJSartain OP

Created Mar ’25

Replies 3

Boosts 0

Participants 2

Having trouble decrypting a string using an encryption key and an IV.

var key: String 
var iv:  String

func decryptData(_ encryptedText: String) -> String?
{
      if  let textData = Data(base64Encoded: iv + encryptedText)  {
        do {
            let sealedBox = try AES.GCM.SealedBox(combined: textData)
            let key = SymmetricKey(data: key.data(using: .utf8)!)
            let decryptedData = try AES.GCM.open(sealedBox, using: key)
            return String(data: decryptedData, encoding: .utf8)
        } catch {
            print("Decryption failed: \(error)")
            return nil
        }
    }
    return nil
}

Proper coding choices aside (I'm just trying anything at this point,) the main problem is opening the SealedBox. If I go to an online decryption site, I can paste in my encrypted text, the encryption key, and the IV as plain text and I can encrypt and decrypt just fine.

But I can't seem to get the right combo in my Swift code. I don't have a "tag" even though I'm using the combined option. How can I make this work when all I will be receiving is the encrypted text, the encryption key, and the IV. (the encryption key is 256 bits)

Try an AES site with a key of 32 digits and an IV of 16 digits and text of your choice. Use the encrypted version of the text and then the key and IV in my code and you'll see the problem. I can make the SealedBox but I can't open it to get the decrypted data. So I'm not combining the right things the right way. Anyone notice the problem?

Answered by DTS Engineer in 828357022

another post of yours where you shared a Swift wrapper around CommonCrypto’s AES CBC support.

Yeah, that’s pretty much where I was going with this (-: Lemme know how you get along.

(For those following at home, I suspect that TJSartain is referring to this example.)

My cyphertext is in fact NOT a multiple of 16.

That’s problematic. In CBC the cyphertext is always a multiple of 16. Any padding is added before encryption.

However, the explanation here is simple. Your cyphertext is actually Base64 encoded. Once you undo that, you get a 16 byte multiple:

% xxd cyphertext.b64 
00000000: 3233 4b46 5930 7165 6550 7641 2b59 6c4b  23KFY0qeePvA+YlK
00000010: 394d 3658 6c6e 6930 4850 694f 784e 6364  9M6Xlni0HPiOxNcd
00000020: 434a 4b43 6350 6f2f 4f70 6551 4e43 3243  CJKCcPo/OpeQNC2C
00000030: 6750 7470 7837 3553 4b33 744f 654c 2b69  gPtpx75SK3tOeL+i
00000040: 6430 6f44 5033 6265 7875 6557 7a52 7564  d0oDP3bexueWzRud
00000050: 7652 7870 7a4f 7965 4471 5141 6268 4f37  vRxpzOyeDqQAbhO7
00000060: 5764 7052 4f36 7344 4c2f 4d3d            WdpRO6sDL/M=
% base64 -D < cyphertext.b64 | xxd
00000000: db72 8563 4a9e 78fb c0f9 894a f4ce 9796  .r.cJ.x....J....
00000010: 78b4 1cf8 8ec4 d71d 0892 8270 fa3f 3a97  x..........p.?:.
00000020: 9034 2d82 80fb 69c7 be52 2b7b 4e78 bfa2  .4-...i..R+{Nx..
00000030: 774a 033f 76de c6e7 96cd 1b9d bd1c 69cc  wJ.?v.........i.
00000040: ec9e 0ea4 006e 13bb 59da 513b ab03 2ff3  .....n..Y.Q;../.

Both your key and IV are ASCII. I hope that’s not the case for your real product, because it means you’re losing between a half and a quarter of your entropy

Also, be careful with AES-CBC. Its applies encryption but not authentication. Encryption without authentication is quite bogus security-wise. If you use AES-CBC to encrypt stuff, you have to add an additional authentication layer.

Incidentally, that’s why Apple CryptoKit supports AES-GCM but not AES-CBC. Apple CryptoKit focuses on recommended technologies, and we actively recommend AES-GCM over other AES modes.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Boost

Answer 1

DTS Engineer OP

Apple

Mar ’25

The code you posted is using AES-GCM. If you’ve been given a string with an IV then you’re not using AES-GCM, because AES-GCM doesn’t use IVs [1]. I suspect that your data is encrypted with AES-ECB or AES-CBC [2].

Can you post a test vector? That is, hex dumps of the:

Actual cyphertext — It’s length must be an even multiple of 16
Key — 16 (AES-128), 24 (AES-192), or 32 (AES-256) bytes
IV — 16 bytes
Expected plaintext

That should be enough for me to get you heading in the right direction.

IMPORTANT I’m asking for hex dumps rather than strings because that eliminates text encoding concerns.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] Well, it uses them internally but… *shrug*… I never did quite grok the full details of GCM (-:

[2] Those are the usual suspects when it comes to badly underspecified cryptographic requirements (-:

0

Answer 2

TJSartain OP

Mar ’25

You are indeed correct, sir, it is CBC. I failed to mention that. I'm hoping I can still accomplish this without using GCM.

Here is a sample of what works online:

Actual cyphertext : 32334b4659307165655076412b596c4b394d36586c6e69304850694f784e6364434a4b4363506f2f4f7065514e43324367507470783735534b33744f654c2b6964306f4450336265787565577a527564765278707a4f79654471514162684f37576470524f3673444c2f4d3d

Key : 3132333435363738393132333435363738393132333435363738393132333435

IV : 31323334353637383132333435363738

Expected plaintext : 7b20226c6f6164223a20223132333435363637222c2022737570706c696572223a20223938373635343332222c202263617272696572223a20224142434422207d

FYI, your CBC nudge led me to another post of yours where you shared a Swift wrapper around CommonCrypto’s AES CBC support. Digging into that now.

My cyphertext is in fact NOT a multiple of 16. Since the online site I used didn't seem to care, I'm wondering what their method is. Is there some safe padding that can be applied?

0

Answer 3

DTS Engineer OP

Apple

Mar ’25

Recommended

another post of yours where you shared a Swift wrapper around CommonCrypto’s AES CBC support.

Yeah, that’s pretty much where I was going with this (-: Lemme know how you get along.

(For those following at home, I suspect that TJSartain is referring to this example.)

My cyphertext is in fact NOT a multiple of 16.

That’s problematic. In CBC the cyphertext is always a multiple of 16. Any padding is added before encryption.

However, the explanation here is simple. Your cyphertext is actually Base64 encoded. Once you undo that, you get a 16 byte multiple:

% xxd cyphertext.b64 
00000000: 3233 4b46 5930 7165 6550 7641 2b59 6c4b  23KFY0qeePvA+YlK
00000010: 394d 3658 6c6e 6930 4850 694f 784e 6364  9M6Xlni0HPiOxNcd
00000020: 434a 4b43 6350 6f2f 4f70 6551 4e43 3243  CJKCcPo/OpeQNC2C
00000030: 6750 7470 7837 3553 4b33 744f 654c 2b69  gPtpx75SK3tOeL+i
00000040: 6430 6f44 5033 6265 7875 6557 7a52 7564  d0oDP3bexueWzRud
00000050: 7652 7870 7a4f 7965 4471 5141 6268 4f37  vRxpzOyeDqQAbhO7
00000060: 5764 7052 4f36 7344 4c2f 4d3d            WdpRO6sDL/M=
% base64 -D < cyphertext.b64 | xxd
00000000: db72 8563 4a9e 78fb c0f9 894a f4ce 9796  .r.cJ.x....J....
00000010: 78b4 1cf8 8ec4 d71d 0892 8270 fa3f 3a97  x..........p.?:.
00000020: 9034 2d82 80fb 69c7 be52 2b7b 4e78 bfa2  .4-...i..R+{Nx..
00000030: 774a 033f 76de c6e7 96cd 1b9d bd1c 69cc  wJ.?v.........i.
00000040: ec9e 0ea4 006e 13bb 59da 513b ab03 2ff3  .....n..Y.Q;../.

Both your key and IV are ASCII. I hope that’s not the case for your real product, because it means you’re losing between a half and a quarter of your entropy

Also, be careful with AES-CBC. Its applies encryption but not authentication. Encryption without authentication is quite bogus security-wise. If you use AES-CBC to encrypt stuff, you have to add an additional authentication layer.

Incidentally, that’s why Apple CryptoKit supports AES-GCM but not AES-CBC. Apple CryptoKit focuses on recommended technologies, and we actively recommend AES-GCM over other AES modes.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0