--- source_url: https://www.pubnub.com/docs/sdks/objective-c/api-reference/encryption title: Encryption API for Objective-C SDK updated_at: 2026-06-22T14:40:12.075Z sdk_name: PubNub Objective-C SDK sdk_version: 7.0.3 --- > Documentation Index > For a curated overview of PubNub documentation, see: https://www.pubnub.com/docs/llms.txt > For the full list of all documentation pages, see: https://www.pubnub.com/docs/llms-full.txt # Encryption API for Objective-C SDK PubNub Objective-C SDK, use the latest version: 7.0.3 Install: ```bash pod install PubNub@7.0.3 ``` PubNub Objective-C SDK includes message encryption. This page explains how to configure the `cryptoModule` and how to encrypt and decrypt data. The SDK supports 128-bit Advanced Encryption Standard (AES) and 256-bit AES in Cipher Block Chaining (CBC) mode (AES-CBC). For general SDK configuration and initialization, refer to the [Configuration](https://www.pubnub.com/docs/sdks/objective-c/api-reference/configuration) page. ## Configuration ### cryptoModule configuration To configure the `cryptoModule` to encrypt all messages/files, you can use the following methods in the Objective-C SDK: ```objectivec // encrypts using 256-bit AES-CBC cipher (recommended) // decrypts data encrypted with the legacy and the 256-bit AES-CBC ciphers config.cryptoModule = [PNCryptoModule AESCBCCryptoModuleWithCipherKey:@"enigma" randomInitializationVector:YES]; // encrypts with 128-bit cipher key entropy (legacy) // decrypts data encrypted with the legacy and the 256-bit AES-CBC ciphers config.cryptoModule = [PNCryptoModule legacyCryptoModuleWithCipherKey:@"enigma" randomInitializationVector:YES]; ``` The client can decrypt content from either module. You can read historical messages and messages from older clients, and you can encrypt new messages with 256-bit AES-CBC. :::warning Older SDK versions Apps built using the SDK versions lower than 5.1.3 will not be able to decrypt data encrypted using the 256-bit AES-CBC cipher. Update your clients or encrypt data using the legacy algorithm. ::: :::note SDK initialization required Before you use encryption methods, ensure your PubNub client is configured with a subscribe key and a user ID. See the [Configuration guide](https://www.pubnub.com/docs/sdks/objective-c/api-reference/configuration#initialization) for setup instructions. ::: ### Relationship between cryptoModule and cipher keys The `cryptoModule` supersedes cipher-key parameters. Passing a direct cipher key to a method (where available) overrides the configured `cryptoModule` for that operation and uses legacy AES-128 encryption. For partial encryption, create a separate `cryptoModule` instance and use it only where needed. ## Encryption methods ### Encrypt Use this function to encrypt data. :::warning Deprecated This method uses the legacy encryption with 128-bit cipher key entropy. For more information, refer to [Crypto module configuration](https://www.pubnub.com/docs/sdks/objective-c/api-reference/configuration#cryptomodule). ::: #### Method(s) To `encrypt` the data you can use the following method(s) in Objective-C SDK. ```objectivec + (nullable NSString *)encrypt:(NSData *)data withKey:(NSString *)key; ``` | Parameter | Type | Required | Default | Description | | --- | --- | --- | --- | --- | | data | NSData | Yes | | Reference on `NSData` object which should be encrypted. | | key | NSString | Yes | | Reference on `key` which should be used to `encrypt` data basing on it. | ```objectivec + (nullable NSString *)encrypt:(NSData *)data withKey:(NSString *)key andError:(NSError *__autoreleasing *)error; ``` | Parameter | Description | | --- | --- | | `data` *Type: NSData | Reference on `NSData` object which should be encrypted. | | `key` *Type: NSString | Reference on `key` which should be used to `encrypt` data basing on it. | | `error`Type: NSError | Reference on pointer into which encryption `error` will be stored in case of encryption failure. Error can be related to JSON string serialization and encryption itself. | #### Sample code ##### Encrypt part of message ```objectivec PNCryptoModule *aesCBCCrypto = [PNCryptoModule AESCBCCryptoModuleWithCipherKey:@"enigma" randomInitializationVector:YES]; NSString *message = @"No one should see me as plain"; NSData *messageData = [message dataUsingEncoding:NSUTF8StringEncoding]; NSString *secretMessage = [aesCBCCrypto encrypt:messageData]; ``` #### Returns Encrypted `Base64-encoded` string received from Foundation object. `nil` will be returned in case of failure. ## Decryption methods ### Decrypt Use this function to decrypt data. :::warning Deprecated This method uses the legacy encryption with 128-bit cipher key entropy. For more information, refer to [Crypto module configuration](https://www.pubnub.com/docs/sdks/objective-c/api-reference/configuration#cryptomodule). ::: #### Method(s) To `decrypt` the data you can use the following method(s) in Objective-C SDK. ```objectivec + (nullable NSData *)decrypt:(NSString *)object withKey:(NSString *)key; ``` | Parameter | Description | | --- | --- | | `object` *Type: NSString | Reference on previously encrypted `Base64-encoded` string which should be decrypted. | | `key` *Type: NSString | Reference on `key` which should be used to `decrypt` data. | ```objectivec + (nullable NSData *)decrypt:(NSString *)object withKey:(NSString *)key andError:(NSError *__autoreleasing *)error; ``` | Parameter | Description | | --- | --- | | `object` *Type: NSString | Reference on previously encrypted `Base64-encoded` string which should be decrypted. | | `key` *Type: NSString | Reference on `key` which should be used to `decrypt` data. | | `error`Type: NSError | Reference on pointer into which decryption `error` will be stored in case of decryption failure. Error can be related to JSON string deserialization and decryption itself. | #### Sample code ##### Decrypt part of message ```objectivec PNCryptoModule *aesCBCCrypto = [PNCryptoModule AESCBCCryptoModuleWithCipherKey:@"enigma" randomInitializationVector:YES]; NSString *encryptedMessage = messagePayload[@"secret"]; NSData *secureData = [[NSData alloc] initWithBase64EncodedString:encryptedMessage options:0]; NSData *messageData = [aesCBCCrypto decrypt:secureData]; NSString *decryptedMessage = [[NSString alloc] initWithData:messageData encoding:NSUTF8StringEncoding]; ``` #### Returns Initial `NSData` which has been encrypted earlier. `nil` will be returned in case of decryption error. ## Terms in this document * **Subscribe Key** - A unique identifier that allows your application to receive messages from PubNub channels. It's part of your app's credentials and should be kept secure. * **User** - An individual or entity that interacts with a system, application, or service. In PubNub, a user typically refers to someone who sends or receives messages through the platform, identified by a unique user ID or username. * **User ID** - UTF-8 encoded, unique string of up to 92 characters used to identify a single client (end user, device, or server) that connects to PubNub.