About Generating and Managing AES Encryption Keys

Asked 2 years ago, Updated 2 years ago, 78 views

Thank you for your help.

Encryption keys for iOS AES256 encryption.

Generate an encryption key with the following code and save the encryption key
Keychain and
from keychain for each encryption/complexity It assumes the format in which the encryption key is retrieved.
キー LUKeychainAccess will be used to read and write to the keychain.

encryption key generation logic

NSString*seed=@"abcde......6789";
NSSstring* key=@"";

for(int cnt=0;cnt<32;cnt++){
    key = [ key stringByAppendingString: [ seed substringWithRange: NSMakeRange(int)arc4 random_uniform(int) seed.length), 1)];
}
return key;

Will there be any security issues when encryption key generation/management is done in this way?
If there is a problem, I would appreciate it if you could tell me how to change each generation/management method.

ios objective-c

2022-09-30 20:22

1 Answers

I'm not sure about Objective-C, but is it correct to take out the characters contained in seed at random and concatenate 32 characters?

AES requires a value of 256 bits, not a "32-character string" for a key length of 256 bits.If you limit it to a specific character, the number of bits in the key will be reduced.(210 bits for 32 ASCII characters)

If you want to derive a common key cryptographic key from a random number, you should use a cryptologically secure random number generator (CSPRNG).

I'm not sure if arc4random* can be used as CSPRNG, but SecRandomCopyBytes is clearly stated as CSPRNG, so I think it's better to use it.

If you close your eyes when the key space is a little smaller, you can use it once through SHA-256 before using it.The ASCII string is regular because the multiple bit of 8 is always zero from zero.You can avoid it by passing through the hash function.


2022-09-30 20:22

If you have any answers or tips


© 2024 OneMinuteCode. All rights reserved.