For AES128 using CCCrypt() can the key be longer than 128 bits?

3.2k views Asked by At

I am using the CCCrypt method.

Can I use a longer key than than 128bit? Can it be arbitrarily long? Or perhaps multiples of 128?

If so how would I do this?

I didn't think this woas possible but I found this text: here

Some algorithms such as AES and RSA allow for keys of different lengths, but others are fixed, such as DES and 3DES. Encryption using a longer key generally implies a stronger resistance to message recovery. As usual, there is a trade off between security and time, so choose the key length appropriately.

How does AES allow for different lengths, does it ignore the bits higher than 128?

I'm pulling my hair out over this.

2

There are 2 answers

4
Paŭlo Ebermann On BEST ANSWER

AES (the Advanced Encryption Standard) is actually a collection of three related block cipher algorithms (or pairs of algorithms, if one counts encryption and decryption individually). They all work on 128-bit blocks (16 bytes).

The most commonly used one is AES-128, which takes a 128-bit key (i.e. 16 bytes). AES-192 takes a 192-bit key (24 bytes), AES-256 takes a 256-bit key (32 bytes).

These three algorithms work in similar, but still different ways (and the ones for longer keys take a bit longer, since they do more "rounds" of the internal confusion operation, so all bits of the keys can somehow influence all bits of the ciphertext). Thus all these keys for all these algorithms encrypt and decrypt differently (i.e. there is no AES-256 key which does the same thing as an AES-128 key).

That said, I unfortunately have no idea if the CommonCrypto library supports all variants of AES, and if yes (what I suppose), how to select the right one.

0
poupou On

Paulo explanation is excellent! and much better than Apple documentation on the subject ;-)

Now to put this knowledge in iOS context... you need to know that cccrypt (like its named in man pages) is often named CommonCrypto (which can facilitate your searches) elsewhere in the web site.

Yet you won't find much until you realize this part is open source software and really lacks documentation.

But once you find this you can search thru the source code to find CommonCrypto.h and discover the enums you can use, which includes: kCCKeySizeAES128, kCCKeySizeAES192 and kCCKeySizeAES256 - so YES you can use 256bits keys with AES on iOS.