#CryptoSwift
Crypto related functions and helpers for Swift implemented in Swift. (#PureSwift)
You can find preliminary Swift 3 support from branch swift3.
#Table of Contents
##Requirements Good mood
##Features
- Easy to use
- Convenient extensions for String and NSData
- iOS, OSX, AppleTV, watchOS, Linux support
- Electronic codebook (ECB)
- Cipher-block chaining (CBC)
- Propagating Cipher Block Chaining (PCBC)
- Cipher feedback (CFB)
- Output Feedback (OFB)
- Counter (CTR)
- PKCS#7
- NoPadding
##Why Why? Because I can.
##Contribution
For latest version, please check develop branch. This is latest development version that will be merged into master branch at some point.
- If you want to contribute, submit a pull request against a development
develop
branch. - If you found a bug, open an issue.
- If you have a feature request, open an issue.
##Installation
To install CryptoSwift, add it as a submodule to your project (on the top level project directory):
git submodule add https://github.com/krzyzanowskim/CryptoSwift.git
####Embedded Framework
Embedded frameworks require a minimum deployment target of iOS 8 or OS X Mavericks (10.9). Drag the CryptoSwift.xcodeproj
file into your Xcode project, and add appropriate framework as a dependency to your target. Now select your App and choose the General tab for the app target. Find Embedded Binaries and press "+", then select CryptoSwift.framework
(iOS, OS X, watchOS or tvOS)
#####iOS, OSX, watchOS, tvOS
In the project, you'll find three targets, configured for each supported SDK:
- CryptoSwift iOS
- CryptoSwift OSX
- CryptoSwift watchOS
- CryptoSwift tvOS
You may need to choose the one you need to build CryptoSwift.framework
for your application.
####Older Swift
####CocoaPods
You can use CocoaPods.
source 'https://github.com/CocoaPods/Specs.git'
platform :ios, '8.0'
use_frameworks!
pod 'CryptoSwift'
or for newest version from specified branch of code:
pod 'CryptoSwift', :git => "https://github.com/krzyzanowskim/CryptoSwift", :branch => "master"
####Carthage You can use Carthage. Specify in Cartfile:
github "krzyzanowskim/CryptoSwift"
Run carthage to build the framework and drag the built CryptoSwift.framework into your Xcode project. Follow build instructions
####Swift Package Manager
You can use Swift Package Manager and specify dependency in Package.swift
by adding this:
.Package(url: "https://github.com/krzyzanowskim/CryptoSwift.git", majorVersion: 0)
##Usage
- Basics (data types, conversion, ...)
- Calculate Hash (MD5, SHA...)
- Message authenticators (HMAC...)
- Password-Based Key Derivation Function (PBKDF2, ...)
- Data Padding
- ChaCha20
- Rabbit
- Advanced Encryption Standard (AES)
also check Playground
#####Basics
import CryptoSwift
CryptoSwift use array of bytes aka Array<UInt8>
as base type for all operations. Every data can be converted to stream of bytes. you will find convenience functions that accept String or NSData, and it will be internally converted to array of bytes anyway.
#####Data conversions
For you convenience CryptoSwift provide two function to easily convert array of bytes to NSData and other way around:
let data: NSData = NSData(bytes: [0x01, 0x02, 0x03])
let bytes:Array<UInt8> = data.arrayOfBytes()
Make bytes out of String
:
let bytes = "string".utf8.map({$0})
#####Calculate Hash
Hashing a data or array of bytes (aka Array<UInt8>
)
/* Hash enum usage */
let input:Array<UInt8> = [49, 50, 51]
let output = input.md5()
// alternatively: let output = CryptoSwift.Hash.md5(input).calculate()
print(output.toHexString())
let data = NSData()
let hash = data.md5()
let hash = data.sha1()
let hash = data.sha224()
let hash = data.sha256()
let hash = data.sha384()
let hash = data.sha512()
let crc32 = data.crc32()
let crc16 = data.crc16()
print(hash.toHexString())
Hashing a String and printing result
let hash = "123".md5()
#####Message authenticators
// Calculate Message Authentication Code (MAC) for message
let mac: Array<UInt8> = try! Authenticator.Poly1305(key: key).authenticate(message)
let hmac: Array<UInt8> = try! Authenticator.HMAC(key: key, variant: .sha256).authenticate(message)
#####Password-Based Key Derivation Function
let password: Array<UInt8> = "s33krit".utf8.map {$0}
let salt: Array<UInt8> = "nacl".utf8.map {$0}
let value = try! PKCS5.PBKDF1(password: password, salt: salt, iterations: 4096, variant: .sha1).calculate()
let value = try! PKCS5.PBKDF2(password: password, salt: salt, iterations: 4096, variant: .sha256).calculate()
value.toHexString() // print Hex representation
#####Data Padding
Some content-encryption algorithms assume the input length is a multiple of k octets, where k is greater than one. For such algorithms, the input shall be padded.
let paddedData = PKCS7().add(arr, blockSize: AES.blockSize)
####Working with Ciphers #####ChaCha20
let encrypted: Array<UInt8> = ChaCha20(key: key, iv: iv).encrypt(message)
let decrypted: Array<UInt8> = ChaCha20(key: key, iv: iv).decrypt(encrypted)
#####Rabbit
let encrypted = Rabbit(key: key, iv: iv)?.encrypt(plaintext)
let decrypted = Rabbit(key: key, iv: iv)?.decrypt(encrypted!)
#####AES
Notice regarding padding: Manual padding of data is optional and CryptoSwift is using PKCS7 padding by default. If you need manually disable/enable padding, you can do this by setting parameter for AES class
######All at once
let input = NSData()
let encrypted = try! input.encrypt(AES(key: "secret0key000000", iv:"0123456789012345"))
let input: Array<UInt8> = [0,1,2,3,4,5,6,7,8,9]
input.encrypt(AES(key: "secret0key000000", iv:"0123456789012345", blockMode: .CBC))
######Incremental updates
Incremental operations uses instance of Cryptor and encrypt/decrypt one part at time, this way you can save on memory for large files.
let aes = try AES(key: "passwordpassword", iv: "drowssapdrowssap")
var encryptor = aes.makeEncryptor()
var ciphertext = Array<UInt8>()
ciphertext += try encryptor.update(withBytes: "Nullam quis risus ".utf8.map({$0}))
ciphertext += try encryptor.update(withBytes: "eget urna mollis ".utf8.map({$0}))
ciphertext += try encryptor.update(withBytes: "ornare vel eu leo.".utf8.map({$0}))
ciphertext += try encryptor.finish()
See Playground for sample code to work with streams.
Check this helper functions to work with Base64 encoded data directly:
- .decryptBase64ToString()
- .toBase64()
######AES Advanced usage
let input: Array<UInt8> = [0,1,2,3,4,5,6,7,8,9]
let key: Array<UInt8> = [0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00]
let iv: Array<UInt8> = AES.randomIV(AES.blockSize)
do {
let encrypted = try AES(key: key, iv: iv, blockMode: .CBC, padding: PKCS7()).encrypt(input)
let decrypted = try AES(key: key, iv: iv, blockMode: .CBC, padding: PKCS7()).decrypt(encrypted)
} catch {
print(error)
}
AES without data padding
let input: Array<UInt8> = [0,1,2,3,4,5,6,7,8,9]
let encrypted: Array<UInt8> = try! AES(key: "secret0key000000", iv:"0123456789012345", blockMode: .CBC, padding: NoPadding()).encrypt(input)
Using convenience extensions
let plain = NSData()
let encrypted: NSData = try! plain.encrypt(ChaCha20(key: key, iv: iv))
let decrypted: NSData = try! encrypted.decrypt(ChaCha20(key: key, iv: iv))
// plain == decrypted
##Author
CryptoSwift is owned and maintained by Marcin Krzyżanowski
You can follow me on Twitter at @krzyzanowskim for project updates and releases.
##License
Copyright (C) 2014-2016 Marcin Krzyżanowski [email protected] This software is provided 'as-is', without any express or implied warranty.
In no event will the authors be held liable for any damages arising from the use of this software.
Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions:
- The origin of this software must not be misrepresented; you must not claim that you wrote the original software. If you use this software in a product, an acknowledgment in the product documentation is required.
- Altered source versions must be plainly marked as such, and must not be misrepresented as being the original software.
- This notice may not be removed or altered from any source or binary distribution.
##Changelog
See CHANGELOG file.