适用于Android和iOS的基于密码的加密

Question

I am working on an IM app that has a native Android and a native iOS implementation. One of the required features is being able to encrypt messages by entering an ordinary password string. These messages must then be decrypted by entering this password. I was also told to "use AES".

My plan, which I have tried with near-success, is to take the password string, salt it with some context info that I know will never change, and generate a fixed-length key using something like MD5. I know this isn't super secure.

To decrypt, I repeat above, and I get the same key. Then, I decrypt the data with that key, and get the original data back.

I got this to work on Android and iOS, but they cannot decrypt each other's data, which tells me there might be implementation differences that I can't see and that I can't change. The first 16 bytes of the AES128-encrypted data on both platforms are always the same, but after that, they are completely different. What can I check for?

To be ultra-clear, the user experience is to be identical to that of sharing a zip file with a password. The user enters the password, at any time, from any device, and BAM, they get the unencrypted data. Sharing keyfiles or any of that stuff is NOT part of this.

Answer 1

1. There is no need to use any salt (at least I don't see any reason for that)
2. AES is a standard - no matter what is implementation, results will be this same.
3. This same output for first 128 bits and different rest of data means that you are using different cipher modes AES is block cipher and you are probably using it with 128b block size on both platform, so first block is encrypted this same way and next ones are encrypted with different keys. Please read more about block cipher modes