update symmetric to use nacl instead #18
@@ -30,7 +30,7 @@ pod "AeroGear-Crypto", '0.2.0' | |||
## Project Status | |||
The following services are currently provided: | |||
|
|||
* A [Symmetric encryption](http://en.wikipedia.org/wiki/Symmetric-key_algorithm) interface | |||
* A [Symmetric encryption](http://nacl.cr.yp.to/secretbox.html) interface | |||
* An [Asymmetric encryption interface](http://nacl.cr.yp.to/box.html) | |||
* Password based key generation using [PBKDF2](http://en.wikipedia.org/wiki/PBKDF2) | |||
* Generation of Cryptographically secure [random numbers](http://en.wikipedia.org/wiki/Cryptographically_secure_pseudorandom_number_generator). |
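Review bot: On the changed "Symmetric encryption" bullet, the link now targets NaCl's secretbox page but the visible text is still the generic term, so a README reader cannot tell that the primitive changed; consider naming it, for example "Symmetric encryption (NaCl secretbox)". The same bullet leaves "interface" outside the link while the asymmetric bullet below puts it inside ("[Asymmetric encryption interface]"), so make the two consistent. Because the PBKDF2 bullet sits right next to it, a short note on the key size the symmetric interface accepts would help callers who pass it a derived key.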
/Cryptographically/cryptographically/
+1
Actually, trying to use this version in AeroGear-iOS (replacing AGCryptoBox by AGSecretBox), I run into an issue in [1] when trying to initialize a crypto box with a KDF derived key because its length (160 bytes) does not comply with [2].
[1] https://github.com/aerogear/aerogear-ios/blob/master/AeroGear-iOS/security/AGPassphraseEncryptionServices.m#L32
@cvasilak the PR looks, however the test with @corinnekrych's scenario is failing for me. Please take a look:
I was concerned about SecretBox in C, so I did the same experiment with Kalium (abstractj/kalium@2a07397) and it seems to be working correctly.
Using @abstractj's test case on @cvasilak's branch and removing the key length check: I wonder if the status code == 0 really means a failure....
The error here seems to be the incorrect key length specified when initialising SecretBox, making the assertion fail. It expects 32 bytes but the default AGPBKDF2 class generates 160 bytes. @abstractj the DERIVED_KEY_LENGTH used in Pbkdf2 is 32 bytes (256 bits). Replacing it here with that size makes the test run. Unfortunately, I can't recall why the use of 160 bytes as the minimum derived key. I think this should be replaced on our side with the correct 32, wdyth?
@cvasilak aloha, I think it is the way to go. Once the SecretBox will expect bytes, instead of bits. Thanks for the explanation
+1
Gave @cvasilak's branch a shot -> 👍
Oh, should we change all the 5.0 references, like: to 7.0?
thanks @matzew done |
@cvasilak landed, thank you |
done for AGIOS-172
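
The key-length mismatch discussed in this thread (a 160-byte PBKDF2 output handed to a SecretBox that expects 32 bytes), as an added Python example that is not code from this PR or from AeroGear. The HMAC-SHA256 PRF, iteration count, password, salt and all function names are assumptions made for the illustration; it also shows that the longer derivation only costs more PBKDF2 work, since its first 32 bytes equal the 32-byte derivation.

```python
import hashlib
import hmac

SECRETBOX_KEYBYTES = 32  # key size NaCl's secretbox expects, in bytes

# Constructed sample inputs (not taken from the project).
PASSWORD = b"correct horse battery staple"
SALT = bytes(range(16))
ITERATIONS = 20000  # assumed value for the demo


def derive_key(password, salt, length=SECRETBOX_KEYBYTES, iterations=ITERATIONS):
    """Derive `length` BYTES (not bits) with PBKDF2-HMAC-SHA256 (assumed PRF)."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=length)


def require_secretbox_key(key):
    """Hypothetical guard: reject any key that is not exactly 32 bytes."""
    if len(key) != SECRETBOX_KEYBYTES:
        raise ValueError(
            f"secretbox key must be {SECRETBOX_KEYBYTES} bytes, got {len(key)}"
        )
    return key


def is_valid_key(key):
    """True when the key passes the length guard."""
    try:
        require_secretbox_key(key)
        return True
    except ValueError:
        return False


def pbkdf2_blocks(length, digest_size=32):
    """Number of full iteration chains PBKDF2 runs to emit `length` bytes."""
    return -(-length // digest_size)  # ceiling division


if __name__ == "__main__":
    long_key = derive_key(PASSWORD, SALT, length=160)
    key = derive_key(PASSWORD, SALT)
    print("160-byte key accepted:", is_valid_key(long_key))
    print("32-byte key accepted:", is_valid_key(key))
    # PBKDF2 output is T1 || T2 || ..., so the short key is a prefix of the long one.
    print("prefix identical:", hmac.compare_digest(long_key[:32], key))
    print("chains computed:", pbkdf2_blocks(160), "vs", pbkdf2_blocks(32))
```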