AES 256 Encryption/Decryption without IV

encryption cryptography aes
18,337

Solution 1

You must store the initialization vector somewhere. Because, conceptually, in CBC mode the IV is the "zeroth" block of ciphertext, some people store it as prefix to the ciphertext. Most low-level decryption libraries don't expect this, however, so the application usually needs to provide a wrapper that handles adding this prefix after encryption and removing it before decryption.

Ideally, you should store encrypted values with some metadata that specifies the encryption algorithm that was used, any parameters that are needed, and indicates what key (note below!) is used. This would include the IV for a block cipher that used CBC. A standard format for this is the Cryptographic Message Syntax, or PKCS #7. Because it's a standard, you will likely have several options for an open-source library to handle the format.

By including this metadata, you can do things like rotate keys over time, or migrate data to new algorithms. You don't have to have every value encrypted the same way with the same key.

Note: When I say that the metadata indicates the key used, this doesn't mean the key itself is included, of course! For pre-shared keys, it's just an label that tells you which key on your big keyring will decrypt the payload. For password-based encryption, there would be information about how to derive a proper key from the implied password.

Solution 2

You can concatenate the IV with the ciphertext (its length is known and constant), or you can store them next to each other in the DB. The IV isn't a secret; it just ensures that the block cipher is initialized differently per encryption so that brute-forcing one file decryption doesn't compromise all the others.

Share:
18,337
Giorgio
Author by

Giorgio

Updated on June 11, 2022

Comments

  • Giorgio
    Giorgio almost 2 years

    I'm developing an application that communicates with a DB located on a VPS. I need to store an information, encrypted with AES-256, in my DB.

    If I'm correct, when I encrypt, there's an IV parameter which is generated and is different for each encryption. However when I decrypt, I don't have this parameter because I only have the key and the encrypted text in the DB.

    What can I do to solve this problem?

  • Maarten Bodewes
    Maarten Bodewes about 8 years
    "so that brute-forcing one file decryption doesn't compromise all the others" is wrong for obvious reasons. Brute forcing would mean retrieving the key (which is next to impossible for AES anyway, given a well-chosen key). If the key is known by the attacker the other ciphertexts will also be compromised. For CBC mode repeating the IV would mean you can distinguish (partially) identical plaintext from (partially) identical ciphertext. For e.g. CTR mode the ramifications would be much larger, up to nullifying the confidentiality.
  • David S.
    David S. about 8 years
    Nope. IV is the "zeroth" block of a chain cipher. An IV needs to be (1) random, (2) Unpredictable, but (3) not secret. stackoverflow.com/questions/5796954/…
  • Maarten Bodewes
    Maarten Bodewes about 8 years
    That's all correct. The fact that a unique IV is required so that "brute forcing one file decryption doesn't compromise all the others" isn't correct. You would be able to compromise CTR mode through simple XOR'ing if you reuse the IV, but that attack would not be brute forcing. Brute forcing is about finding the right key to the permutation of the block cipher. The IV doesn't protect anything when the attacker has found the key. But OK, it seems you didn't confuse IV and salt, so I'll remove that comment.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Encrypted in Java and Decrypting in dart flutter
Getting error "wrong final block length" when decrypting AES256 cipher
java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : DER input, Integer tag error
AES in ASP.NET with VB.NET
Java AES encryption/decryption procedure and usage of Initialization Vector
Strength of RSA Encrypting an AES Key
AES-128 CBC decryption in Python
Simple AES encryption decryption with openssl library in C
AES Encryption IV's
Reading from a cryptostream to the end of the stream