使用CommonCrypto和IV但总是返回nil

本文介绍了使用CommonCrypto和IV但总是返回nil的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我使用CommonCrypto CCCryptorCreate来解密消息。我正在使用密码和IV但它总是返回nil。

I am using the CommonCrypto CCCryptorCreate to decrypt a message. I am using a password and an IV but it always returns nil.

如果我使用CCCryptorCreate解密，但在RUBY加密期间不使用IV并且不要在obj-c解密端使用IV然后解密工作完美，我可以看到消息。

If I use the CCCryptorCreate to decrypt, but don't use an IV on during encryption on the RUBY side and don't use the IV on the obj-c decrypt side then decryption works perfectly and I can see the message.

但是如果我在RUBY上使用IV obj-c方面的IV和解密以nil消息对象结束。

But if I use an IV on the RUBY and IV on the obj-c side decryption ends with a nil message object.

我正在使用使用任何东西在Ruby-Objective / C / Decrypt中加密

OBJ-C方法：

- (NSData *) decryptedDataUsingAlgorithm: (CCAlgorithm) algorithm key: (id) key // data or string initializationVector: (id) iv // data or string options: (CCOptions) options error: (CCCryptorStatus *) error { CCCryptorRef cryptor = NULL; CCCryptorStatus status = kCCSuccess; NSParameterAssert([key isKindOfClass: [NSData class]] || [key isKindOfClass: [NSString class]]); NSParameterAssert(iv == nil || [iv isKindOfClass: [NSData class]] || [iv isKindOfClass: [NSString class]]); NSMutableData * keyData, * ivData; if ( [key isKindOfClass: [NSData class]] ) keyData = (NSMutableData *) [key mutableCopy]; else keyData = [[key dataUsingEncoding: NSUTF8StringEncoding] mutableCopy]; if ( [iv isKindOfClass: [NSString class]] ) ivData = [[iv dataUsingEncoding: NSUTF8StringEncoding] mutableCopy]; else ivData = (NSMutableData *) [iv mutableCopy]; // data or nil #if !__has_feature(objc_arc) [keyData autorelease]; [ivData autorelease]; #endif // ensure correct lengths for key and iv data, based on algorithms FixKeyLengths( algorithm, keyData, ivData ); status = CCCryptorCreate( kCCDecrypt, algorithm, options, [keyData bytes], [keyData length], [ivData bytes], &cryptor ); if ( status != kCCSuccess ) { if ( error != NULL ) *error = status; return ( nil ); } NSData * result = [self _runCryptor: cryptor result: &status]; if ( (result == nil) && (error != NULL) ) *error = status; CCCryptorRelease( cryptor ); return ( result ); } === DOES NOT WORK ==== NSData * result = [self decryptedDataUsingAlgorithm: kCCAlgorithmAES128 key: [[password dataUsingEncoding:NSUTF8StringEncoding] SHA256Hash] initializationVector: [anIV dataUsingEncoding:NSUTF8StringEncoding] options: kCCOptionPKCS7Padding error: &status]; === DOES WORK === NSData * result = [self decryptedDataUsingAlgorithm: kCCAlgorithmAES128 key: [[password dataUsingEncoding:NSUTF8StringEncoding] SHA256Hash] initializationVector: nil options: kCCOptionPKCS7Padding error: &status];

推荐答案

看起来iv可能会有所不同，请确保数据字节相同且长度正确。

Looks like the iv may be different, ensure that the data bytes are the same and the length is correct.

您希望 CCCrypt 进行一次性加密。

You want CCCrypt to do one-shot encryption.

来自Apple： CCCrypt 是无状态的一次性加密或解密操作。这基本上执行一系列 CCCrytorCreate（）， CCCryptorUpdate（）， CCCryptorFinal（）和 CCCryptorRelease（）。

From Apple: CCCrypt is a Stateless, one-shot encrypt or decrypt operation. This basically performs a sequence of CCCrytorCreate(), CCCryptorUpdate(), CCCryptorFinal(), and CCCryptorRelease().

因为你没有使用 CCCrypt 然后你必须至少为你的例子添加 CCCryptorFinal（）。

Since you are not using CCCrypt then you will have to at least add CCCryptorFinal() to your example.

另请注意，key和iv确实需要完全正确的大小（以字节为单位）。如果某些字符需要多字节编码，则使用 NSUTF8StringEncoding 可能不会产生预期的字节数。注意：i可以编码为代理对。

Also note that the key and iv really need to be exactly the correct size in bytes. Using NSUTF8StringEncoding may not produce the number of bytes expected if there are some characters that require multiple byte encodings. Note: "i" can be encoded as a surrogate pair.

不使用密码字符串而不使用 PBKDF2 生成一个好的密钥。

Do not use a password string without using PBKDF2 to generate a good key.

考虑使用 RNCryptor 除非你真的知道你在使用加密做什么。

Consider using RNCryptor unless you really know what you are doing with crypto.

以下是一次性加密/解密方法的简单示例代码> 密钥和iv必须完全是所需的长度。 任何编码（Base64，NSString等）都在此方法之外完成。

Here is simple example code of a one-shot encrypt/decrypy method The key and iv must be exactly the required length. Any encoding (Base64, NSString, etc) is done outside of this method.

+ (NSData *)doCipher:(NSData *)dataIn iv:(NSData *)iv key:(NSData *)symmetricKey context:(CCOperation)encryptOrDecrypt // kCCEncrypt or kCCDecrypt error:(NSError **)error { CCCryptorStatus ccStatus = kCCSuccess; size_t cryptBytes = 0; NSMutableData *dataOut = [NSMutableData dataWithLength:dataIn.length + kCCBlockSizeAES128]; ccStatus = CCCrypt( encryptOrDecrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding, symmetricKey.bytes, kCCKeySizeAES128, iv.bytes, dataIn.bytes, dataIn.length, dataOut.mutableBytes, dataOut.length, &cryptBytes); if (ccStatus == kCCSuccess) { dataOut.length = cryptBytes; } else { if (error) { *error = [NSError errorWithDomain:@"kEncryptionError" code:ccStatus userInfo:nil]; } dataOut = nil; } return dataOut; }