AeroGear-Crypto 0.2.3

AeroGear-Crypto 0.2.3

LangLanguage Obj-CObjective C
License Apache 2
ReleasedLast Release Oct 2017

Maintained by corinne krych, Daniel Passos, Julio Cesar, Massimiliano Ziccardi.

  • By
  • Red Hat, Inc.

aerogear-crypto-ios Build Status

Project Aim

"Crypto for Humans"

The aim of the project is to provide useful and easy to use API interfaces for performing advanced cryptographic techniques in the iOS platform. Anyone who has tried to use the underlying crypto functionality APIs provided by the iOS, or to integrate with external crypto libraries like OpenSSL, can understand how frustrated the experience can be. The reasons for this are twofold. Firstly, all crypto libraries offer a variety of cryptographic primitives and you need to make a lot of decisions about which specific pieces to use. And if your decisions are wrong, the end-result will be an insecure system. Secondly, most libraries are written using the C language (and for a good reason), but this results in cumbersome usage for an obj-c developer (with potentially adverse and dangerous consequences for the unfamiliar).

By leveraging the state-of-the-art NaCl encryption library, which provides extremely powerful cryptographic primitives so the developer doesn't need to worry on choosing the "right" one and offering an easy-to-use interfaces around the platform's build-in Security and CommonCrypto services, we believe Crypto can be transformed from a frustrating experience to an enjoyable one.

We understand that applying good cryptographic techniques is not an easy task and requires deep knowledge of the underlying concepts. But we strongly believe a "friendlier" developer interface can ease that pain.

The project shares the same vision with our sibling AeroGear project AeroGear-Crypto-Java. If you are a Java developer, we strongly recommend to look at the project.

The project is also the base for providing cryptographic services to AeroGear-IOS library project.


  • iOS 7 or higher


pod "AeroGear-Crypto", '0.2.3'

Project Status

The following services are currently provided:

Getting started

Password based key derivation

AGPBKDF2 *pbkdf2 = [[AGPBKDF2 alloc] init];
NSData *rawKey = [pbkdf2 deriveKey:@"passphrase"];

Symmetric encryption

//Generate the key
AGPBKDF2 *pbkdf2 = [[AGPBKDF2 alloc] init];
NSData *privateKey = [pbkdf2 deriveKey:@"passphrase"];

//Initializes the secret box
AGSecretBox *secretBox = [[AGSecretBox alloc] initWithKey:privateKey];

NSData *nonce = [AGRandomGenerator randomBytes:32];
NSData *dataToEncrypt = [@"My bonnie lies over the ocean" dataUsingEncoding:NSUTF8StringEncoding];

NSData *cipherData = [secretBox encrypt:dataToEncrypt nonce:nonce];

AGSecretBox *pandora = [[AGSecretBox alloc] initWithKey:privateKey];
NSData *message = [secretBox decrypt:cipherData nonce:nonce];

Asymmetric encryption

//Create a new key pair
AGKeyPair *keyPairBob = [[AGKeyPair alloc] init];
AGKeyPair *keyPairAlice = [[AGKeyPair alloc] init];

//Initializes the crypto box
AGCryptoBox *cryptoBox = [[AGCryptoBox alloc] initWithKey:keyPairAlice.publicKey privateKey:keyPairBob.privateKey];

NSData *nonce = [AGRandomGenerator randomBytes:32];
NSData *dataToEncrypt = [@"My bonnie lies over the ocean" dataUsingEncoding:NSUTF8StringEncoding];

NSData *cipherData = [cryptoBox encrypt:dataToEncrypt nonce:nonce];

//Create a new box to test end to end asymmetric encryption
AGCryptoBox *pandora = [[AGCryptoBox alloc] initWithKey:keyPairBob.publicKey privateKey:keyPairAlice.privateKey];

NSData *message = [pandora decrypt:cipherData nonce:nonce];

Hashing functions

// create an SHA256 hash
AGHash *agHash = [[AGHash alloc] init:CC_SHA256_DIGEST_LENGTH];
NSData *rawPassword = [agHash digest:@"My bonnie lies over the ocean"];

// create an SHA512 hash
AGHash *agHash = [[AGHash alloc] init:CC_SHA512_DIGEST_LENGTH];
NSData *rawPassword = [agHash digest:@"My bonnie lies over the ocean"];

Digital Signatures

NSData *message = [@"My bonnie lies over the ocean" dataUsingEncoding:NSUTF8StringEncoding];

AGSigningKey *signingKey = [[AGSigningKey alloc] init];
AGVerifyKey *verifyKey = [[AGVerifyKey alloc] initWithKey:signingKey.publicKey];
// sign the message
NSData *signedMessage = [signingKey sign:message];

// should detect corrupted signature
NSMutableData *corruptedSignature = [NSMutableData dataWithLength:64];
BOOL isValid = [verifyKey verify:message signature:signedMessage];

// isValid should be YES
BOOL isValid = [verifyKey verify:message signature:corruptedSignature];
// isValid should be NO

Generation of Cryptographically secure Random Numbers

NSData *random = [AGRandomGenerator randomBytes:];

Join us

On-going work is tracked on project's [JIRA](( issue tracker as well as on our mailing list. You can also find the developers hanging on IRC, feel free to join in the discussions. We want your feedback!