dougao9864
dougao9864
2019-09-12 05:31

swift API SecKeyCreateEncryptedData使用的其他经过身份验证的数据是什么?

I am using rsaEncryptionOAEPSHA256AESGCM to encrypt some data using SecKeyCreateEncryptedData on iOS and then decrypting the same data on backend in golang. I am using a 3072 bit rsa public key to encrypt the symmetric key. When I get the data from iOS to backend, I am successfully able to decrypt the symmetric key but the gcm tag verification fails. I am using the same 16-byte IV that iOS uses but have no idea if iOS is using any aad(additional authentication data) when encrypting. Does anyone know if rsaEncryptionOAEPSHA256AESGCM for iOS uses some aad? This is for iOS 10+.

I have already tried using nil, empty 16 byte array, the aes key itself, nonce as the aad but none of these worked.

In Swift:

private let algorithm = SecKeyAlgorithm.rsaEncryptionOAEPSHA256AESGCM
// Key is 3072 bit RSA public key
// API doesnt take any aad
SecKeyCreateEncryptedData(key, algorithm, cfData, &error)

In Golang:

c, err := aes.NewCipher(aesKey)
gcm, err := cipher.NewGCMWithNonceSize(c, 16)
nonce := make([]byte, 16)
// Data has both the ciphertext and the gcm tag as the last 16 bytes
// Last field in the api is the aad
dec, err := gcm.Open(nil, nonce, data, nil)

This is the error I see in golang "cipher: message authentication failed" and the error is thrown from the code which validates the gcm tag.

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答

1条回答

  • doulei8475 doulei8475 2年前

    Found it. AAD is the RSA public key in ASN.1 DER format.

    点赞 评论 复制链接分享