EncryptionAlgorithm

internal enum EncryptionAlgorithm : Hashable

The enum represents various encryption algorithms used to protect sensitive data.

The EncryptionAlgorithm enum also provides a params property of type EncryptionAlgorithmParams to obtain encryption algorithm parameters and methods to encrypt/decrypt messages or to compute MAC using the chosen algorithm.

  • Declaration

    Swift

    typealias Options = CCOptions
  • DES

    DES (Data Encryption Standard) is a block cipher algorithm that transforms fixed-length plaintext with a series of complex operations into a ciphertext of the same length.

    In the case of DES the block size is 64 bits. DES also uses a key to modify the transformation so that the decryption operation can only be performed by knowing the key itself. The key is 64 bits long but only 56 of these are actually used by the algorithm. Eight bits are used only for parity checking and then discarded, which is why the effective key length is reported as 56 bits.

    Note that DES is considered insecure due to its small key size.

    Declaration

    Swift

    case DES
  • Triple DES (3DES) is an improved version of DES that uses three 56-bit DES keys for enhanced security. It operates by applying DES encryption three times in different modes. The variant DES-EDE2 uses the same key for the first and third operation (k1 = k3), resulting in a 112-bit effective key length.

    Because the 56-bit DES key is insecure, 3DES was chosen as an alternative to the DES algorithm because it improves security easily. It uses three DES keys, so it increases the key length with no changes to the algorithm, which is simply repeated three times.

    In general, the simplest version of 3DES involves the following encryption operation: ENC(k1, ENC(k2, ENC(k3, M))), where each operation is a DES operation, k1, k2 and k3 are DES keys and M is the message to encrypt. This variant is called DES-EEE because all the operations perform encryption (E).

    To make interoperability between 3DES and DES easier, another version, called DES-EDE, exists and it involves the following: ENC(k1, DEC(k2, ENC(k3, M))).

    Depending on the number of different DES keys used, 3DES is usually referred to as DES-(MODE)(KEYS), e.g. DES-EDE2 or DES-EEE3.

    NOTE: DES-EDE1 is equivalent to DES.

    Security

    In general, 3DES with 3 different DES keys (3TDES) has a 168-bit key length, i.e. three DES keys of 56 bits each (or 192 bits with parity bits). However, the guaranteed security is just 112 bits.

    DES-EDE2 uses k1 = k3, so the key is 112 bits long, with an actual key length of 128 bits (including parity bits).

    Declaration

    Swift

    case DESEDE2
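
The EDE composition and the DES-EDE1 note above, as an added example that is not part of this library's code: it builds DES-EDE from single-DES block operations with CommonCrypto's CCCrypt and checks that equal keys collapse to plain DES and that k1 = k3 matches CommonCrypto's 3DES keyed with k1 || k2 || k1. The helper names desBlock and desEDE and the sample keys are assumptions made for the illustration.

```swift
import CommonCrypto
import Foundation

// One raw block-cipher operation in ECB mode without padding, applied to a
// single 8-byte block. `alg` selects single DES (default) or CommonCrypto's 3DES.
func desBlock(_ op: Int, key: [UInt8], block: [UInt8],
              alg: Int = kCCAlgorithmDES) -> [UInt8] {
    var out = [UInt8](repeating: 0, count: block.count)
    var moved = 0
    let status = CCCrypt(CCOperation(op), CCAlgorithm(alg),
                         CCOptions(kCCOptionECBMode),
                         key, key.count, nil,
                         block, block.count,
                         &out, out.count, &moved)
    precondition(status == CCCryptorStatus(kCCSuccess) && moved == block.count,
                 "CCCrypt failed")
    return out
}

// DES-EDE in the page's notation: ENC(k1, DEC(k2, ENC(k3, M))).
func desEDE(k1: [UInt8], k2: [UInt8], k3: [UInt8], m: [UInt8]) -> [UInt8] {
    let inner = desBlock(kCCEncrypt, key: k3, block: m)
    let middle = desBlock(kCCDecrypt, key: k2, block: inner)
    return desBlock(kCCEncrypt, key: k1, block: middle)
}

// Constructed sample keys and one 8-byte block (not official test vectors).
let kA: [UInt8] = [0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF]
let kB: [UInt8] = [0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01]
let m = Array("8 bytes!".utf8)

// DES-EDE1: with k1 = k2 = k3 the inner DEC(k, ENC(k, M)) cancels out,
// so the whole construction is a single DES encryption.
precondition(desEDE(k1: kA, k2: kA, k3: kA, m: m)
             == desBlock(kCCEncrypt, key: kA, block: m))

// DES-EDE2: k1 = k3. CommonCrypto's 3DES expects a 24-byte key, so the
// 16-byte two-key form is expanded to k1 || k2 || k1.
let ede2 = desEDE(k1: kA, k2: kB, k3: kA, m: m)
precondition(ede2 == desBlock(kCCEncrypt, key: kA + kB + kA, block: m,
                              alg: kCCAlgorithm3DES))

print("EDE1 == DES and EDE2 == 3DES(k1 || k2 || k1) both hold")
```

ECB with no padding is used here only to expose the raw block operation; it is not a recommendation for encrypting messages.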
  • Given its security and its public specifications, it is assumed that in the near future AES will be used all over the world as happened to its predecessor, the DES, which later lost its effectiveness due to intrinsic vulnerabilities.

    AES was adopted by the National Institute of Standards and Technology (NIST) and the US FIPS PUB in November 2001 after 5 years of studies, standardizations and final selection among the various proposed algorithms. In AES, the block has a fixed size of 128 bits and the key can be 128, 192 or 256 bits.

    Declaration

    Swift

    case AES(keySize: AESKeySize)
  • Declaration

    Swift

    internal var params: EncryptionAlgorithmParams { get }
  • Encrypt the given message with the given key.

    Throws

    An error if the encryption failed.

    Declaration

    Swift

    internal func encrypt(key: [UInt8], message: [UInt8], iv: [UInt8]? = nil, options: Options = 0) throws -> [UInt8]

    Parameters

    key

    The secret that has to be used to encrypt the message.

    message

    The message that has to be encrypted.

    iv

    The initialization vector (Optional).

    options

    Other options that may be applied to the cipher algorithm (Optional).

    Return Value

    The encrypted message as array of bytes.

  • Decrypt the given message with the given key.

    Throws

    An error if the decryption failed.

    Declaration

    Swift

    internal func decrypt(key: [UInt8], message: [UInt8], iv: [UInt8]? = nil, options: Options = 0) throws -> [UInt8]

    Parameters

    key

    The secret that has to be used to decrypt the message.

    message

    The message that has to be decrypted.

    iv

    The initialization vector (Optional).

    options

    Other options that may be applied to the cipher algorithm (Optional).

    Return Value

    The decrypted message as array of bytes.

  • Produce the MAC (Message Authentication Code) for the given message with the given key.

    A block cipher algorithm, such as DES or AES, can be used to produce a MAC for a message to provide message authenticity and integrity.

    Throws

    An error if MAC computation failed.

    Declaration

    Swift

    internal func mac(key: [UInt8], message: [UInt8]) throws -> [UInt8]

    Parameters

    key

    The secret that has to be used to produce the MAC of the message.

    message

    The message that has to be MACed.

    Return Value

    The MAC as array of bytes.