CCCryptor (AES encryption) wrappers for iOS and Mac in Swift. -- For ObjC, see RNCryptor/RNCryptor-objc

Related tags

Security RNCryptor
Overview

RNCryptor

BuddyBuild

Cross-language AES Encryptor/Decryptor data format.

The primary targets are Swift and Objective-C, but implementations are available in C, C++, C#, Erlang, Go, Haskell, Java, PHP, Python, Javascript, and Ruby.

The data format includes all the metadata required to securely implement AES encryption, as described in "Properly encrypting with AES with CommonCrypto," and iOS 6 Programming Pushing the Limits, Chapter 15. Specifically, it includes:

  • AES-256 encryption
  • CBC mode
  • Password stretching with PBKDF2
  • Password salting
  • Random IV
  • Encrypt-then-hash HMAC

Contents

Format Versus Implementation

The RNCryptor data format is cross-platform and there are many implementations. The framework named "RNCryptor" is a specific implementation for Swift and Objective-C. Both have version numbers. The current data format is v3. The current framework implementation (which reads the v3 format) is v4.

Basic Password Usage

// Encryption
let data: NSData = ...
let password = "Secret password"
let ciphertext = RNCryptor.encrypt(data: data, withPassword: password)

// Decryption
do {
    let originalData = try RNCryptor.decrypt(data: ciphertext, withPassword: password)
    // ...
} catch {
    print(error)
}

Incremental Usage

RNCryptor supports incremental use, for example when using with NSURLSession. This is also useful for cases where the encrypted or decrypted data will not comfortably fit in memory.

To operate in incremental mode, you create an Encryptor or Decryptor, call updateWithData() repeatedly, gathering its results, and then call finalData() and gather its result.

//
// Encryption
//
let password = "Secret password"
let encryptor = RNCryptor.Encryptor(password: password)
let ciphertext = NSMutableData()

// ... Each time data comes in, update the encryptor and accumulate some ciphertext ...
ciphertext.appendData(encryptor.updateWithData(data))

// ... When data is done, finish up ...
ciphertext.appendData(encryptor.finalData())

//
// Decryption
//
let password = "Secret password"
let decryptor = RNCryptor.Decryptor(password: password)
let plaintext = NSMutableData()

// ... Each time data comes in, update the decryptor and accumulate some plaintext ...
try plaintext.appendData(decryptor.updateWithData(data))

// ... When data is done, finish up ...
try plaintext.appendData(decryptor.finalData())

Importing into Swift

Most RNCryptor symbols are nested inside an RNCryptor namespace.

Installation

Requirements

RNCryptor 5 is written in Swift 3 and does not bridge to Objective-C (it includes features that are not available). If you want an ObjC implementation, see RNCryptor-objc. That version can be accessed from Swift, or both versions can coexist in the same project.

The Bridging Header

CommonCrypto is not a modular header (and Apple has suggested it may never be). This makes it very challenging to import into Swift. To work around this, the necessary header files have been copied into RNCryptor.h, which needs to be bridged into Swift. You can do this either by using RNCryptor as a framework, adding #import "RNCryptor/RNCryptor.h" to your existing bridging header, or making RNCryptor/RNCryptor.h your bridging header in Build Settings, "Objective-C Bridging Header."

Installing Manually

The easiest way to use RNCryptor is by making it part of your project, without a framework. RNCryptor is just one swift file and one bridging header, and you can skip all the complexity of managing frameworks this way. It also makes version control very simple if you use submodules, or checkin specific versions of RNCryptor to your repository.

This process works for most targets: iOS and OS X GUI apps, Swift frameworks, and OS X commandline apps. It is not safe for ObjC frameworks or frameworks that may be imported into ObjC, since it would cause duplicate symbols if some other framework includes RNCryptor.

  • Drag and link RNCryptor/RNCryptor.swift and RNCryptor.h into your project
  • If you already have a bridging header file, add #import "RNCryptor.h" (or the path to which you copied RNCryptor.h).
  • If you don't have a bridging header:
    • Swift project: In your target's Build Settings, set "Objective-C Bridging Header" to your path for RNCryptor.h. (Or create a bridiging header and follow instructions above.)
    • ObjC project: Xcode will ask if you want to create a bridging header. Allow it to, and add #import "RNCryptor.h" to the header (or the path to which you copied RNCryptor.h)
  • To access RNCryptor from Swift, you don't need to import anything. It's just part of your module.
  • To access RNCryptor from ObjC, import your Swift header (modulename-Swift.h). For example: #import "MyApp-Swift.h".

Built this way, you don't need to (and can't) import RNCryptor into your code. RNCryptor will be part of your module.

Carthage

github "RNCryptor/RNCryptor" ~> 5.0

This approach will not work for OS X commandline apps. Don't forget to embed RNCryptor.framework.

Built this way, you should add @import RNCryptor; to your ObjC or import RNCryptor to your Swift code.

This approach will not work for OS X commandline apps.

CocoaPods

pod 'RNCryptor', '~> 5.0'

This approach will not work for OS X commandline apps.

Built this way, you should add import RNCryptor to your Swift code.

Advanced Usage

Version-Specific Cryptors

The default RNCryptor.Encryptor is the "current" version of the data format (currently v3). If you're interoperating with other implementations, you may need to choose a specific format for compatibility.

To create a version-locked cryptor, use RNCryptor.EncryptorV3 and RNCryptor.DecryptorV3.

Remember: the version specified here is the format version, not the implementation version. The v4 RNCryptor framework reads and writes the v3 RNCryptor data format.

Key-Based Encryption

You need a little expertise to use key-based encryption correctly, and it is very easy to make insecure systems that look secure. The most important rule is that keys must be random across all their bytes. If you're not comfortable with basic cryptographic concepts like AES-CBC, IV, and HMAC, you probably should avoid using key-based encryption.

Cryptography works with keys, which are random byte sequences of a specific length. The RNCryptor v3 format uses two 256-bit (32-byte) keys to perform encryption and authentication.

Passwords are not "random byte sequences of a specific length." They're not random at all, and they can be a wide variety of lengths, very seldom exactly 32. RNCryptor defines a specific and secure way to convert passwords into keys, and that is one of it's primary features.

Occasionally there are reasons to work directly with random keys. Converting a password into a key is intentionally slow (tens of milliseconds). Password-encrypted messages are also a 16 bytes longer than key-encrypted messages. If your system encrypts and decrypts many short messages, this can be a significant performance impact, particularly on a server.

RNCryptor supports direct key-based encryption and decryption. The size and number of keys may change between format versions, so key-based cryptors are version-specific.

In order to be secure, the keys must be a random sequence of bytes. See Converting a Password to a Key for how to create random sequences of bytes if you only have a password.

let encryptor = RNCryptor.EncryptorV3(encryptionKey: encryptKey, hmacKey: hmacKey)
let decryptor = RNCryptor.DecryptorV3(encryptionKey: encryptKey, hmacKey: hmacKey)

FAQ

How do I detect an incorrect password?

If you decrypt with the wrong password, you will receive an HMACMismatch error. This is the same error you will receive if your ciphertext is corrupted.

The v3 data format has no way to detect incorrect passwords directly. It just decrypts gibberish, and then uses the HMAC (a kind of encrypted hash) to determine that the result is corrupt. You won't discover this until the entire message has been decrypted (during the call to finalData()).

This can be inconvenient for the user if they have entered the wrong password to decrypt a very large file. If you have this situation, the recommendation is to encrypt some small, known piece of data with the same password. Test the password on the small ciphertext before decrypting the larger one.

The v4 data format will provide a faster and more useful mechanism for validating the password or key.

What is an "HMAC Error?" (Error code 1)

See previous question. Either your data is corrupted or you have the wrong password.

The most common cause of this error (if your password is correct) is that you have misunderstood how Base64 encoding works while transferring data to or from the server. If you have a string like "YXR0YWNrIGF0IGRhd24=", this is not "data." This is a string. It is probably Base64 encoded, which is a mechanism for converting data into strings. Some languages (JavaScript, PHP) have a habit of implicitly converting between data into Base64 strings, which is confusing and error-prone (and the source of many of these issues). Simple rule: if you can print it out without your terminal going crazy, it's not encrypted data.

If you convert a Base64-encoded string to data using dataUsingEncoding(), you will get gibberish as far as RNCryptor is concerned. You need to use init?(base64EncodedData:options:). Depending on the options on the iOS side or the server side, spaces and newlines may matter. You need to verify that precisely the bytes that came out of the encryptor are the bytes that go into the decryptor.

Can I use RNCryptor to read and write my non-RNCryptor data format?

No. RNCryptor implements a specific data format. It is not a general-purpose encryption library. If you have created your own data format, you will need to write specific code to deal with whatever you created. Please make sure the data format you've invented is secure. (This is much harder than it sounds.)

If you're using the OpenSSL encryption format, see RNOpenSSLCryptor.

Can I change the parameters used (algorithm, iterations, etc)?

No. See previous question. The v4 format will permit some control over PBKDF2 iterations, but the only thing configurable in the v3 format is whether a password or key is used. This keeps RNCryptor implementations dramatically simpler and interoperable.

How do I manually set the IV?

You don't. See the last two questions.

Also note that if you ever reuse a key+IV combination, you risk attackers decrypting the beginning of your message. A static IV makes a key+IV reuse much more likely (guarenteed if you also have a static key). Wikipedia has a quick overview of this problem.

How do I encrypt/decrypt a string?

AES encrypts bytes. It does not encrypt characters, letters, words, pictures, videos, cats, or ennui. It encrypts bytes. You need to convert other things (such as strings) to and from bytes in a consistent way. There are several ways to do that. Some of the most popular are UTF-8 encoding, Base-64 encoding, and Hex encoding. There are many other options. There is no good way for RNCryptor to guess which encoding you want, so it doesn't try. It accepts and returns bytes in the form of NSData.

To convert strings to data as UTF-8, use dataUsingEncoding() and init(data:encoding:). To convert strings to data as Base-64, use init(base64EncodedString:options:) and base64EncodedStringWithOptions().

Does RNCryptor support random access decryption?

The usual use case for this is encrypting media files like video. RNCryptor uses CBC encryption, which prevents easy random-access. While other modes are better for random-access (CTR for instance), they are more complicated to implement correctly and CommonCrypto doesn't support using them for random access anyway.

It would be fairly easy to build a wrapper around RNCryptor that allowed random-access to blocks of some fixed size (say 64k), and that might work well for video with modest overhead (see inferno for a similar idea in C#). Such a format would be fairly easy to port to other platforms that already support RNCryptor.

If there is interest, I may eventually build this as a separate framework.

See also Issue #161 for a much longer discussion of this topic.

Design Considerations

RNCryptor has several design goals, in order of importance:

Easy to use correctly for most common use cases

The most critical concern is that it be easy for non-experts to use RNCryptor correctly. A framework that is more secure, but requires a steep learning curve on the developer will either be not used, or used incorrectly. Whenever possible, a single line of code should "do the right thing" for the most common cases.

This also requires that it fail correctly and provide good errors.

Reliance on CommonCryptor functionality

RNCryptor has very little "security" code. It relies as much as possible on the OS-provided CommonCryptor. If a feature does not exist in CommonCryptor, then it generally will not be provided in RNCryptor.

Best practice security

Wherever possible within the above constraints, the best available algorithms are applied. This means AES-256, HMAC+SHA256, and PBKDF2. (Note that several of these decisions were reasonable for v3, but may change for v4.)

  • AES-256. While Bruce Schneier has made some interesting recommendations regarding moving to AES-128 due to certain attacks on AES-256, my current thinking is in line with Colin Percival. PBKDF2 output is effectively random, which should negate related-keys attacks against the kinds of use cases we're interested in.

  • AES-CBC mode. This was a somewhat complex decision, but the ubiquity of CBC outweighs other considerations here. There are no major problems with CBC mode, and nonce-based modes like CTR have other trade-offs. See "Mode changes for RNCryptor" for more details on this decision.

  • Encrypt-then-MAC. If there were a good authenticated AES mode on iOS (GCM for instance), I would probably use that for its simplicity. Colin Percival makes good arguments for hand-coding an encrypt-then-MAC rather than using an authenticated AES mode, but in RNCryptor mananging the HMAC actually adds quite a bit of complexity. I'd rather the complexity at a more broadly peer-reviewed layer like CommonCryptor than at the RNCryptor layer. But this isn't an option, so I fall back to my own Encrypt-than-MAC.

  • HMAC+SHA256. No surprises here.

  • PBKDF2. While bcrypt and scrypt may be more secure than PBKDF2, CommonCryptor only supports PBKDF2. NIST also continues to recommend PBKDF2. We use 10k rounds of PBKDF2 which represents about 80ms on an iPhone 4.

Code simplicity

RNCryptor endeavors to be implemented as simply as possible, avoiding tricky code. It is designed to be easy to read and code review.

Performance

Performance is a goal, but not the most important goal. The code must be secure and easy to use. Within that, it is as fast and memory-efficient as possible.

Portability

Without sacrificing other goals, it is preferable to read the output format of RNCryptor on other platforms.

License

Except where otherwise indicated in the source code, this code is licensed under the MIT License:

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ```

Comments
  • RNCryptor Inside a Framework

    RNCryptor Inside a Framework

    When trying to use RNCryptor inside a framework I get this error:

    Include of non-modular header inside framework module 'RNCryptor.RNCryptor'
    

    Has anyone found a workaround?

    opened by bassrock 25
  • Conflicting types error in Xcode 9

    Conflicting types error in Xcode 9

    Seeing this error after trying to build on Xcode 9. Has anyone else had an issue like this?

    RNCryptor.m:61:12: Conflicting types for 'SecRandomCopyBytes'
    

    screen shot 2017-07-21 at 3 55 53 pm

    opened by johnryan 17
  • Crash on deinit of Decryptor in Xcode 10b3

    Crash on deinit of Decryptor in Xcode 10b3

    Hi, first of all thank you for this great library!

    Im using Swift version for quite some time now and after updating to xcode 10 beta 3 im getting crash every time i run the app. so i created new project in xcode 10 beta 3 and added rncryptor through pods 5.0.3 version. in my view did load i have below code

    ` // Encryption let text = "text to encrypr" let data = text.data(using: String.Encoding.utf8) let encryptedData = RNCryptor.encrypt(data: data!, withPassword: "pass")

        encryptedText = encryptedData.base64EncodedString(options: NSData.Base64EncodingOptions(rawValue: 0))
        
        print("original text: \(text)")
        print("encrypted text: \(encryptedText)")
        
        
        var decryptedText = ""
        
        //convert encrypted string to data
        let dataToDecrypt = NSData(base64Encoded: encryptedText, options: NSData.Base64DecodingOptions(rawValue: 0))
        
        // Decryption
        do {
            let originalData = try RNCryptor.decrypt(data: dataToDecrypt! as Data, withPassword: "pass")
            decryptedText = String(data: originalData, encoding: String.Encoding.utf8)!
        } catch {
            print(error)
        }
        
        print("decrypted text: \(decryptedText)")
    

    `

    what i want is to encrypt a String, then convert the Data and save it to firebase. this part works, but when i want to decrypt the String that i saved to firebase the problems start.

    if i pass encryptedData that I get from RNCryptor to the decryptor, it works fine, but when i convert my base64 dtring to data and pass it to decryptor it crashes.

    let originalData = try RNCryptor.decrypt(data: encryptedData, withPassword: "pass") This exact code was working fine on swift 4 and xcode 9.x.

    bug 
    opened by DavidFaraday 15
  • How decrypt data in php server.

    How decrypt data in php server.

    Hi! I have the following problem: I have encrypted the data in ios in the following way:

    NSData *toPHPData = [String dataUsingEncoding:NSUTF8StringEncoding]; NSError *error; NSData *encryptedData = [RNEncryptor encryptData:toPHPData withSettings:kRNCryptorAES256Settings password:@"myPassword" error:&error];

    I then send the data to server php but I do not know how to decrypt. Help me please!!

    opened by cironapo 14
  • Update master repo cocopods

    Update master repo cocopods

    hello! didn't u forget to update master repo of cocoapods? 4.0.0-beta.1 is the last version that I see in repo. pod update causes installing of 4.0.0 release insted of 5.0.1

    opened by alexs555 11
  • Stream Decryption of Media files a chunk at a time

    Stream Decryption of Media files a chunk at a time

    I have a mp4 video file which i am encrypting to save and decrypting to play via AVPlayer. Its working fine when i am decrypting whole file at once but my file is quite big and taking 100% CPU usage and lot of memory. So, I need to decrypt encrypted file in chunks. I tried to decrypt file in chunks but its not playing video as AVPlayer is not recognizing decrypted chunk data maybe data is not stored sequentially while encrypting file. I have tried chacha20, AES, AES.CTR & AES.CBC protocols to encrypt and decrypt files but to no avail.

    I need help regarding this issue, Kindly guide me to the right way to achieve this.

    opened by yawar-ali 11
  • AES - CTR

    AES - CTR

    I know there was a time where RNCryptor used AES - CTR encryption. Now it's CBC and I think I got the point that it's just more secure since it's not that easy to mess up its parameterisation.

    But I need to encrypt video files where I've to use AES - CTR (since it's basically a stream cipher it comes with many advantages for video encryption). Was there a reason RNCryptor did drop the AES - CTR option completely? Are there any plans to bring it back in any form (reading the description doesn't sounds like there are).

    Does anybody know any alternative library to use AES - CTR? I would need to use it in an asynchronous way like RNCryptor offers it in a very elegant way.

    Or do I have to fork this project to adapt it for my personal use?

    opened by sust86 11
  • encrypt.php example for AES128

    encrypt.php example for AES128

    Hi, rnapier, I want to use your encrypt.php example for AES128. Do you have an example code for AES128? or Does RNCryptor only support AES256? FYI, I am using RNCryptor1.1. Thanks.

    opened by guysung 11
  • OpenSSL encryption and decryption

    OpenSSL encryption and decryption

    I'm trying to encrypt and then decrypt a .zip with the following methods https://gist.github.com/4706999, which are called in nested completion blocks. At the end I should have the original file, if my logic doesn't fail me, yet somehow the final file is a corrupted .zip.

    Is the encryption the equivalent of "openssl enc -aes-256-cbc -in in_unenc.zip -k 1234 -p -out out.zip" ?

    Seems like a subtle bug somewhere, but I can't put my finger on it.

    question 
    opened by tudormunteanu 11
  • Usage of custom RNCryptorSettings?

    Usage of custom RNCryptorSettings?

    For encryption it's possible to use custom RNCryptorSettings (which are defined e.g. in a RNCryptor Category):

    NSData *encryptedData = [RNEncryptor encryptData:myData withSettings:kRNCryptorMySettings password:myPassword error:&error];

    It seems like the decryption functionality always uses kRNCryptorAES256Settings when the first byte of the encrypted data matches the RNCryptor version number. It would be a great feature if you could use your custom RNCryptorSettings for encryption and decryption. Maybe this could be realized with an identifier (like kRNCryptorFileVersion) in the RNCryptorSettings that overrides the kRNCryptorFileVersion if set and will be written into the first byte?

    opened by TimoKr 11
  • Retreive IV

    Retreive IV

    Hi all,

    How I can get the IV to send to the server and to decrypt the message?

    I use Python + Tornado on the server, would it be possible to take the IV directly on the server?

    Thank you!

    opened by mhergon 11
  • Add the error coded to the documentation

    Add the error coded to the documentation

    These error codes should be in the documentation:

    /// It is not possible to distinguish between these cases in the v3 data format.
    case HMACMismatch = 1
    
    /// Unrecognized data format. Usually this means the data is corrupt.
    case UnknownHeader = 2
    
    /// `final()` was called before sufficient data was passed to `updateWithData()`
    case MessageTooShort
    
    /// Memory allocation failure. This should never happen.
    case MemoryFailure
    
    /// A password-based decryptor was used on a key-based ciphertext, or vice-versa.
    case InvalidCredentialType
    
    opened by ghost 0
  • Reusing a RNCryptor.DecryptorV3 should produce a specific error message instead of .HMACMismatch

    Reusing a RNCryptor.DecryptorV3 should produce a specific error message instead of .HMACMismatch

    I was under the mistaken impression that I could create a decryptor and then reuse it multiple times to decrypt the data. That doesn't appear to be allowed, but it took me a bit to track down my problem. When I call decryptData a second time, I don't get an error I'd expect. Instead, it throws RNCryptorError.HMACMismatch, which makes it look like the data is the problem.

    e.g., psuedo -

    let decryptor = RNCryptor.DecryptorV3(encryptionKey: encryptionKey, hmacKey: hmacKey)
    
    ...
    
    let decrypted1 = try! decryptor.decryptData(dataPackage1)
    let decrypted2 = try! decryptor.decryptData(dataPackage2)  // throws .HMACMismatch
    

    Looking at the encryptData function comment block, it includes the comment invalidates the cryptor.. decryptData does not include that comment and probably should.

    Suggestion - add an error code for reusing a cryptor after it's been invalidated?

    Unit test -

        func testTwoDecodesOnOneDecryptorV3() {
            let encryptionKey = RNCryptor.randomDataOfLength(RNCryptor.FormatV3.keySize)
            let hmacKey = RNCryptor.randomDataOfLength(RNCryptor.FormatV3.keySize)
    
            let message = "Attack at dawn".dataUsingEncoding(NSUTF8StringEncoding)!
    
            // Encrypting
            let ciphertext = RNCryptor.EncryptorV3(encryptionKey: encryptionKey, hmacKey: hmacKey)
                .encryptData(message)
    
            // Decrypting
            let plaintext = try! RNCryptor.DecryptorV3(encryptionKey: encryptionKey, hmacKey: hmacKey)
                .decryptData(ciphertext)
    
            // try example with storing and reusing decryptor
            let decryptor = RNCryptor.DecryptorV3(encryptionKey: encryptionKey, hmacKey: hmacKey)
            let plaintext2 = try! decryptor.decryptData(ciphertext)
            var plaintext3 = NSData()
            do {
                plaintext3 = try decryptor.decryptData(ciphertext)
            } catch let rnError as RNCryptorError {
                XCTFail("RNCryptorError = \(rnError.rawValue)")  // fails RNCryptorError = 1
            } catch {
                XCTFail("Error = \(error)")
            }
    
            // Did it work? Should be true
            if plaintext != message {
                XCTFail("plaintext mismatch")
            }
            if plaintext2 != message {
                XCTFail("plaintext2 mismatch")
            }
            if plaintext3 != message {
                XCTFail("plaintext3 mismatch")  // fails
            }
        }
    
    opened by LookingSharp 3
  • Minor changes to command-line tool

    Minor changes to command-line tool

    1. Set default value of decrypt_flag to 0 so that encoding works (uninitalized was a positive number interfering with the decode value - it was basically always trying to invoke the decode function)
    2. Added more detailed usage
    opened by tachoknight 0
Releases(5.1.0)
  • 5.1.0(Apr 20, 2019)

  • 5.0.3(Apr 16, 2018)

    • #272. Correct warnings related to incorrect memory access. The previous code was invalid Swift (it accessed a value inside its own withUnsafeBytes block), but happened to work.
    • Removes a Data.init work-around that is no longer needed.
    • #252. Use semver for tags rather than custom RNCryptor-# tags.
    Source code(tar.gz)
    Source code(zip)
  • RNCryptor-5.0.2(Nov 9, 2017)

    This is a minor release that fixes some build configuration issues.

    • Update Swift Package Manager support
    • Update Linux support
    • Add tvOS support
    • Update to Xcode 9.1 settings
    • Update to Swift 4 (no code changes; completely backward compatible)
    • Remove code coverage from Release builds (necessary for Carthage)
    Source code(tar.gz)
    Source code(zip)
  • RNCryptor-5.0.1(Sep 27, 2016)

    • Perform final decryption after HMAC validation. Fixes #185. This improves security very slightly. There is no known or proposed attack that could exploit the previous behavior, but where possible it is better to validate prior to decryption.
    • Fix CocoaPods

    See build details and artifacts at buddybuild: https://dashboard.buddybuild.com/apps/57ea731dbd45750100873fb1/build/57ea785c3dd53201003bef05

    Source code(tar.gz)
    Source code(zip)
  • RNCryptor-4.1.0(Sep 19, 2016)

    For those remaining on Swift 2.3, the swift2 branch (4.x) will continue to support you. If you're on Swift 3, please see master and release 5.0.

    Source code(tar.gz)
    Source code(zip)
  • RNCryptor-5.0.0(Sep 14, 2016)

    This is the Swift 3 release. If you still need 2.2(3) support, see RNCryptor-4.0.0. If you need ObjC support, see RNCryptor/RNCryptor-objc.

    Note that this release removes ObjC bridging. There are just too many little tricky bugs in the compiler. If you need ObjC, I recommend the ObjC-specific version. They should even be able to live in the same project together.

    Source code(tar.gz)
    Source code(zip)
  • RNCryptor-4.0.0(Oct 20, 2015)

    RNCryptor 4 is a complete rewrite of RNCryptor for Swift 2 with full bridging support to Objective-C. It has a streamlined API, simpler installation, and improved internals. It continues to use the v3 data format and is fully interoperable with other RNCryptor implementations.

    For users desiring a fully Objective-C solution, v3 is still available. I don't currently plan to do significant new work on v3, but will consider it if there is strong interest. Going forward, I expect most OS X and iOS projects to be able to accept a mix of ObjC and Swift code. Objective-C continues to be a fully supported language in RNCryptor 4.

    Source code(tar.gz)
    Source code(zip)
  • RNCryptor-4.0.0-beta.1(Oct 4, 2015)

    RNCryptor 4 is a complete rewrite of RNCryptor for Swift 2 with full bridging support to Objective-C. It has a streamlined API, simpler installation, and improved internals. It continues to use the v3 data format and is fully interoperable with other RNCryptor implementations.

    For users desiring a fully Objective-C solution, v3 is still available. I don't currently plan to do significant new work on v3, but will consider it if there is strong interest. Going forward, I expect most OS X and iOS projects to be able to accept a mix of ObjC and Swift code. Objective-C continues to be a fully supported language in RNCryptor 4.

    I plan to convert this to a final release in a week or so if no major issues are discovered.

    Source code(tar.gz)
    Source code(zip)
  • RNCryptor-3.0.1(Sep 17, 2015)

  • RNCryptor-3.0.0(Sep 16, 2015)

    RNCryptor v3 has one backward-incompatible change: OpenSSL support has been removed. OpenSSL encryption is not a secure format, and supporting it over-complicates RNCryptor. For those needing OpenSSL compatibility see rnapier/RNOpenSSLCryptor.

    RNCryptor now cleanly integrates with Swift as a framework. The recommended way to do this is with Carthage, but CocoaPods is also tested and works.

    A native Swift 2 version of RNCryptor is now in alpha and should be available around the time Xcode 7 is released.

    Most of the rest of the changes in RNCryptor v3 are documentation and testing related. There are a few minor improvements in robustness (most are better defensive coding and do not solve actual bugs).

    Going forward, I will be using Semantic Versioning. Previous versions of RNCryptor have not done this.

    Source code(tar.gz)
    Source code(zip)
  • RNCryptor-2.2(Dec 31, 2013)

    Version 2.2

    Version 2.2 is a fairly large release. It's been almost a year since 2.1 came out, and there are many small and large bug fixes.

    V2.2 updates the file format from 2 to 3. It will read format 2 files, but will only write format 3. These are not readable by RNCryptor v2.1. See Issue #77 for details. The PHP, Python, and Ruby implementations also write format 3 and read format 2 or 3.

    Security Issues

    • Issue #91: Use constant time HMAC comparisons to avoid timing attacks
    • Issue #77: KeyForPassword() broken for multi-byte passwords (UTF-8)

    Other Noteable Changes

    • Improved PHP, Python, and Ruby implementations
    • Improved test cases, with test vectors
    • Issue #76: Support OSX in podspec
    • Resolved static analyzer warnings
    • Ensure compatibility with iOS 4.2
    • Accept settings to RNDecryptor (Issue #65)
    • Copy password rather than retain it (Issue #64)
    • Crash when reading v1 header
    Source code(tar.gz)
    Source code(zip)
Owner
AES file format with implementations in many languages.
null
RSA public/private key encryption, private key signing and public key verification in Swift using the Swift Package Manager. Works on iOS, macOS, and Linux (work in progress).

BlueRSA Swift cross-platform RSA wrapper library for RSA encryption and signing. Works on supported Apple platforms (using Security framework). Linux

Kitura 122 Dec 16, 2022
RSA public/private key encryption, private key signing and public key verification in Swift using the Swift Package Manager. Works on iOS, macOS, and Linux (work in progress).

BlueRSA Swift cross-platform RSA wrapper library for RSA encryption and signing. Works on supported Apple platforms (using Security framework). Linux

Kitura 122 Dec 16, 2022
Helps you define secure storages for your properties using Swift property wrappers.

?? Secure Property Storage Helps you define secure storages for your properties using Swift property wrappers. ?? Features All keys are hashed using S

Alex Rupérez 443 Jan 4, 2023
Simple Objective-C wrapper for the keychain that works on Mac and iOS

SAMKeychain SAMKeychain is a simple wrapper for accessing accounts, getting passwords, setting passwords, and deleting passwords using the system Keyc

Sam Soffes 5.4k Dec 29, 2022
TouchEncryptedJson - Simple project that accepts an input and encrypts it with the TouchID on a Mac

TouchEncryptedJson Simple project that accepts an input and encrypts it with the

Charles Edge 2 Aug 29, 2022
Automatically audit your Mac for basic security hygiene.

Automatically audit your Mac for basic security hygiene The simplest security is the most important. 80% of hacks are caused by 20% of common preventa

null 229 Jan 6, 2023
Virgil Core SDK allows developers to get up and running with Virgil Cards Service API quickly and add end-to-end security to their new or existing digital solutions to become HIPAA and GDPR compliant and more.

Virgil Core SDK Objective-C/Swift Introduction | SDK Features | Installation | Configure SDK | Usage Examples | Docs | Support Introduction Virgil Sec

Virgil Security, Inc. 27 Jul 26, 2022
Safe and easy to use crypto for iOS and macOS

Swift-Sodium Swift-Sodium provides a safe and easy to use interface to perform common cryptographic operations on macOS, iOS, tvOS and watchOS. It lev

Frank Denis 483 Jan 5, 2023
Native and encrypted password manager for iOS and macOS.

Open Sesame Native and encrypted password manager for iOS and macOS. What is it? OpenSesame is a free and powerful password manager that lets you mana

OpenSesame 432 Jan 7, 2023
A wrapper to make it really easy to deal with iOS, macOS, watchOS and Linux Keychain and store your user's credentials securely.

A wrapper (written only in Swift) to make it really easy to deal with iOS, macOS, watchOS and Linux Keychain and store your user's credentials securely.

Ezequiel Aceto 2 Mar 29, 2022
Oversecured Vulnerable iOS App is an iOS app that aggregates all the platform's known and popular security vulnerabilities.

Description Oversecured Vulnerable iOS App is an iOS app that aggregates all the platform's known and popular security vulnerabilities. List of vulner

Oversecured Inc 135 Dec 15, 2022
Cloak Swift - a tool and Tuist plugin to encrypt secrets and then pass them in an obfuscated form into applications

This is Cloak Swift - a tool and Tuist plugin to encrypt secrets and then pass them in an obfuscated form into applications.

Andrew Lord 3 Nov 9, 2022
Simple Swift wrapper for Keychain that works on iOS, watchOS, tvOS and macOS.

KeychainAccess KeychainAccess is a simple Swift wrapper for Keychain that works on iOS and OS X. Makes using Keychain APIs extremely easy and much mor

Kishikawa Katsumi 7.2k Dec 30, 2022
A simple Swift Keychain Wrapper for iOS, watchOS, and OS X.

Latch A simple Swift 2.0 Keychain Wrapper for iOS, watchOS 2, and OS X. Usage A proper example of how to use Latch can be seen in the tests. import La

Danielle 56 Oct 25, 2022
Simple, secure password and data management for individuals and teams

Padloc Simple, secure password and data management for individuals and teams (formerly known as Padlock). This repo is split into multiple packages: P

Padloc 2.1k Jan 8, 2023
PGPro can encrypt and decrypt messages as well as manage all your OpenPGP keys. It is free, simple and lightweight. Everything stays on your device. PGPro is made in Switzerland.

PGPro can encrypt and decrypt messages as well as manage all your OpenPGP keys. It is free, simple and lightweight. Everything stays on your device. P

Luca Näf 250 Jan 4, 2023
Helper functions for saving text in Keychain securely for iOS, OS X, tvOS and watchOS.

Helper functions for storing text in Keychain for iOS, macOS, tvOS and WatchOS This is a collection of helper functions for saving text and data in th

Evgenii Neumerzhitckii 2.3k Dec 28, 2022
Fugu14 is an iOS 14 Jailbreak, including an untether (persistence), kernel exploit, kernel PAC bypass and PPL bypass.

Fugu14 - Untethered iOS 14 Jailbreak Fugu14 is an (incomplete) iOS 14 Jailbreak, including an untether (persistence), kernel exploit, kernel PAC bypas

Linus Henze 1.3k Jan 2, 2023
A modal passcode input and validation view controller for iOS

TOPasscodeViewController A modal passcode input and validation view controller for iOS. TOPasscodeViewController is an open-source UIViewController su

Tim Oliver 381 Dec 5, 2022