henrinormak / Heimdall

Heimdall is a wrapper around the Security framework for simple encryption/decryption operations.
MIT License

Encryption issue in V1.0.0 #40

Closed sjacs5537 closed 7 years ago

sjacs5537 commented 8 years ago

Hi,

I use V0.3.0, which can encrypt the text successfully with the following code:

localHeimdall = Heimdall(tagPrefix: "com.test", keySize: 512)
let encryptedMessage = localHeimdall.encrypt("123")

but the result becomes nil after I upgrade to V1.0.0.

I tried to set a breakpoint in public func encrypt(data: NSData) -> NSData? in "Heimdall.swift", and I noticed that the status is -50 and it will return nil in

if status != noErr {
    return nil
}

Could you please help?

sjacs5537 commented 8 years ago

I tried to use a new tagPrefix; it seems it will work after the initial setup with keysize = 1024 and then changing back to 512:

localHeimdall = Heimdall(tagPrefix: "com.test", keySize: 1024)

If keysize = 512 during the first init, the result must return nil, no matter whether I set it back to 1024 and reinstall the app.

henrinormak commented 8 years ago

Is there a specific reason for such a small key?

sjacs5537 commented 8 years ago

We use Bluetooth 4.0 to transmit data and RSA cryptography for data transmission. Considering security issues and performance, the key size is set to 512 bits.

henrinormak commented 8 years ago

The problem is simple: with the updated encryption logic, the smallest usable size for the key is 1024. You can read about it in #37 and #36. If you absolutely must use a size 512 key, then my immediate recommendation would be to not use 1.0.0 and instead use the previous version (which is less secure, but works with a smaller key).

sjacs5537 commented 8 years ago

Thanks for getting back to me so soon.

I have already switched back to V0.3.0, and hope it will support a smaller key in the future, if possible.