Encrypt Login Credentials in Objective-C and decrypt in PHP

I searched around for hours to find something that might help me with what im trying to do but couldn't find anything that I got to work.

Basically what I am trying to do is encrypt the login credentials (username and password) in my iPhone application, send them to a php file on my server, decrypt them and validate the contents in a database.

I am pretty well versed in iPhone development but far from confidant with anything cryptography/security related. I think I am doing the local iphone encryption correctly as well as sending the blob of encrypted data correctly but have no idea where to begin on the php decryption side.

Heres some of the code im using

NSString* stringTo = @"Test Encoding String";
NSString* key = @"1234567812345678";
NSData* encrypedData = [[stringTo dataUsingEncoding:NSUTF8StringEncoding] AES256EncryptWithKey:key];

NSString* decrypt = [[NSString alloc] initWithData:[encrypedData AES256DecryptWithKey:key] encoding:NSUTF8StringEncoding];
NSLog(@"\nDECRYPT :%@", decrypt); // DOES RETURN THE SAME VALUE


NSString *urlString = @"SERVERNAME/FILE.php";

NSMutableURLRequest *request = [[[NSMutableURLRequest alloc] init] autorelease];
[request setURL:[NSURL URLWithString:urlString]];
[request setHTTPMethod:@"POST"];

NSString *boundary = [NSString stringWithString:@"---------------------------14737809831466499882746641449"];
NSString *contentType = [NSString stringWithFormat:@"multipart/form-data; boundary=%@", boundary];
[request addValue:contentType forHTTPHeaderField:@"Content-Type"];

NSMutableData *body = [NSMutableData data];

[body appendData:[[NSString stringWithFormat:@"\r\n--%@\r\n", boundary] dataUsingEncoding:NSUTF8StringEncoding]];
[body appendData:[[NSString stringWithString:@"Content-Disposition: form-data; name=\"encryptedString\"\r\n\r\n"] dataUsingEncoding:NSUTF8StringEncoding]];
[body appendData:encrypedData];
[body appendData:[[NSString stringWithFormat:@"\r\n--%@--\r\n", boundary] dataUsingEncoding:NSUTF8StringEncoding]];

[request setHTTPBody:body];

NSData *returnData = [NSURLConnection sendSynchronousRequest:request returningResponse:nil error:nil];
NSString *returnString = [[NSString alloc] initWithData:returnData encoding:NSUTF8StringEncoding]; 
NSLog(@"RS: %@", returnString);

Thanks a lot for any help. Ive been looking for a while and haven't found anything that worked for me. Thought their would be more out there with a开发者_开发百科 similar question to me since it seems like something that would be commonly used.

---

First, why do you need to send the password to the server encrypted? Why not just send it over an SSL connection and then have the server verify that the password matches against the password hashes in the database? Also, there should be no need to encrypt the username. Just the password.

In order to encrypt and then decrypt, you are going to need some sort of encryption key or passphrase that you can memorize. I would recommend storing your password encrypted on the iPhone and then simply a hash of it on the server. You can use php's crypt() functions to easily create the hashes and store them in a database.