dougao9864 2019-09-12 05:31
浏览 233
已采纳

swift API SecKeyCreateEncryptedData使用的其他经过身份验证的数据是什么?

I am using rsaEncryptionOAEPSHA256AESGCM to encrypt some data using SecKeyCreateEncryptedData on iOS and then decrypting the same data on backend in golang. I am using a 3072 bit rsa public key to encrypt the symmetric key. When I get the data from iOS to backend, I am successfully able to decrypt the symmetric key but the gcm tag verification fails. I am using the same 16-byte IV that iOS uses but have no idea if iOS is using any aad(additional authentication data) when encrypting. Does anyone know if rsaEncryptionOAEPSHA256AESGCM for iOS uses some aad? This is for iOS 10+.

I have already tried using nil, empty 16 byte array, the aes key itself, nonce as the aad but none of these worked.

In Swift:

private let algorithm = SecKeyAlgorithm.rsaEncryptionOAEPSHA256AESGCM
// Key is 3072 bit RSA public key
// API doesnt take any aad
SecKeyCreateEncryptedData(key, algorithm, cfData, &error)

In Golang:

c, err := aes.NewCipher(aesKey)
gcm, err := cipher.NewGCMWithNonceSize(c, 16)
nonce := make([]byte, 16)
// Data has both the ciphertext and the gcm tag as the last 16 bytes
// Last field in the api is the aad
dec, err := gcm.Open(nil, nonce, data, nil)

This is the error I see in golang "cipher: message authentication failed" and the error is thrown from the code which validates the gcm tag.

  • 写回答

1条回答 默认 最新

  • doulei8475 2019-09-12 06:50
    关注

    Found it. AAD is the RSA public key in ASN.1 DER format.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?