AES Encryption - Key Versus IV

The application I'm working on allows the user to encrypt files. Files can be of any format (spreadsheet, document, presentation, etc.).

For the specified input file, I create two output files: an encrypted data file and a key file. You need both of these files to get the source data. The key file should only work with the corresponding data file. It should not work with any other file, either from the same user or from any other user.

The AES algorithm requires two different parameters for encryption, a key and an initialization vector (IV).

I see three options for creating a key file:

  • Insert the hard-coded IV inside the application and save the key in the key file.
  • Insert the hard-coded key into the application and save the IV in the key file.
  • Save the key and IV in the key file.

Please note that this is the same application that is used by different clients.

It seems that all three options will achieve the same ultimate goal. However, I would like to receive your feedback on what the right approach should be.

+47
encryption aes
Jan 29 2018-12-12T00:
3 answers

As you can see from the other answers, having a unique IV per encrypted file is crucial, but why is this?

First, let's look at why it is important to have a unique IV per encrypted file (Wikipedia on IV). The IV adds randomness to the start of your encryption process. When using a chained block encryption mode (where one block of encrypted data includes the previous block of encrypted data), we still have a problem with the first block, which is where the IV comes in.

If you did not have an IV and used chained block encryption with only your key, two files that begin with identical text will create identical first blocks. If the input files differ partway through, then the two encrypted files will begin to look different from that point to the end of the encrypted file. If someone noticed the similarity at the beginning and knew what one of the files started with, he could determine what the other file started with. Knowing what the plaintext file started with and the encrypted text that matches it can allow that person to determine the key and then decrypt the entire file.

Now add an IV - if a random IV is used in each file, their first block will be different. The above scenario has been foiled.

Now, what if the IVs were the same for each file? Well, we again have a problematic scenario. The first block of each file will encrypt to the same result. In practice, this is no different from not using an IV at all.

So now let's look at your options:

Option 1. Insert the hard-coded IV inside the application and save the key in the key file.

Option 2. Insert the hard-coded key into the application and save the IV in the key file.

These options are pretty much identical. If two files that start with the same text create encrypted files that start with the same encrypted text, you are in trouble. This will happen in both of these options (assuming that one master key is used to encrypt all files).

Option 3. Save the key and IV in the key file.

If you use a random IV for each key file, you are good. No two key files will be identical, and each encrypted file must have its own key file. Another key file will not work.

PS: After you go with option 3 and a random IV, start to study how you determine whether the decryption was successful. Take the key file from one file and try to use it to decrypt another encrypted file. You may find that decryption proceeds and produces garbage results. If this happens, start researching authenticated encryption.

+62
Jan 29 2018-12-12T00:

The important thing about an IV is that you should never use the same IV for two messages. Everything else is secondary: if you can ensure uniqueness, randomness is less important (but still a very good thing!). The IV should not be (and indeed cannot be in CBC mode) secret.

Thus, you do not have to save the IV along with the key - this implies that you use the same IV for each message, which defeats the point of an IV. Usually you simply add the IV to the encrypted file explicitly.

If you intend to implement your own encryption methods, please refer to the relevant standards. NIST has a good document on encryption modes: http://dx.doi.org/10.6028/NIST.SP.800-38A IV generation is described in Appendix C. Cryptography is a subtle art. Resist the temptation to create variations on regular cipher modes; 99% of the time you will create something that looks more secure, but is actually less secure.

+22
Jan 29 2018-12-01T00:

When you use an IV, the most important thing is that the IV should be as unique as possible, so in practice you should use a random IV. This means that embedding it in your application is not an option. I would save the IV in the data file, as it does not compromise security as long as the IV is random / unique.

+10
Jan 29 2018-12-12T00:
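The first-block leak the answers above describe, as an added example that is not part of the original thread: two constructed files that share their first 16 bytes are encrypted in CBC mode, once with a hard-coded IV and once with a fresh random IV stored at the front of each data file. The compact AES-128 routine is included only so the example runs on the standard library; the function names, key and file contents are assumptions made for illustration.

```python
import os

def gmul(a, b):  # multiplication in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1
    r = 0
    for _ in range(8):
        r, a, b = r ^ (a if b & 1 else 0), (a << 1) ^ (0x11B if a & 0x80 else 0), b >> 1
    return r

def _sbox():  # AES S-box: field inverse followed by the affine transform
    rot = lambda v, i: ((v << i) | (v >> (8 - i))) & 0xFF
    inv = [0] + [next(y for y in range(1, 256) if gmul(x, y) == 1) for x in range(1, 256)]
    return [v ^ rot(v, 1) ^ rot(v, 2) ^ rot(v, 3) ^ rot(v, 4) ^ 0x63 for v in inv]
SBOX = _sbox()

def expand_key(key):  # AES-128 key schedule: 11 round keys of 16 bytes
    w, rc = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0], rc = t[0] ^ rc, gmul(rc, 2)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[i:i + 4], []) for i in range(0, 44, 4)]

def encrypt_block(rk, block):  # state index = 4 * column + row
    s = [a ^ b for a, b in zip(block, rk[0])]
    for rnd in range(1, 11):
        s = [SBOX[s[4 * ((c + r) % 4) + r]] for c in range(4) for r in range(4)]  # SubBytes + ShiftRows
        if rnd < 10:  # MixColumns (skipped in the last round)
            s = [gmul(s[4 * c + r], 2) ^ gmul(s[4 * c + (r + 1) % 4], 3)
                 ^ s[4 * c + (r + 2) % 4] ^ s[4 * c + (r + 3) % 4] for c in range(4) for r in range(4)]
        s = [a ^ b for a, b in zip(s, rk[rnd])]
    return bytes(s)

def cbc_encrypt(key, iv, data):  # returns IV || ciphertext, PKCS#7 padded
    rk, pad = expand_key(key), 16 - len(data) % 16
    data += bytes([pad]) * pad
    out, prev = [iv], iv
    for i in range(0, len(data), 16):
        prev = encrypt_block(rk, bytes(a ^ b for a, b in zip(data[i:i + 16], prev)))
        out.append(prev)
    return b"".join(out)

def demo():  # constructed key and files; both files start with the same 16-byte block
    key, fixed_iv = bytes(range(16)), bytes(16)
    a, b = b"QUARTERLY REPORT" + b"alpha" * 4, b"QUARTERLY REPORT" + b"bravo" * 4
    hardcoded = cbc_encrypt(key, fixed_iv, a)[16:32] == cbc_encrypt(key, fixed_iv, b)[16:32]
    per_file = cbc_encrypt(key, os.urandom(16), a)[16:32] == cbc_encrypt(key, os.urandom(16), b)[16:32]
    return hardcoded, per_file  # are the first ciphertext blocks equal?
```

With the hard-coded IV the first ciphertext blocks match; with a random IV per file they do not. A real application would take the block cipher from a vetted library instead of a routine like this one.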


