AES Encryption – Key versus IV

by

As you can see from the other answers, having a unique IV per encrypted file is crucial, but why is that?

First – let’s review why a unique IV per encrypted file is important. (Wikipedia on IV). The IV adds randomness to your start of your encryption process. When using a chained block encryption mode (where one block of encrypted data incorporates the prior block of encrypted data) we’re left with a problem regarding the first block, which is where the IV comes in.

If you had no IV, and used chained block encryption with just your key, two files that begin with identical text will produce identical first blocks. If the input files changed midway through, then the two encrypted files would begin to look different beginning at that point and through to the end of the encrypted file. If someone noticed the similarity at the beginning, and knew what one of the files began with, he could deduce what the other file began with. Knowing what the plaintext file began with and what it’s corresponding ciphertext is could allow that person to determine the key and then decrypt the entire file.

Now add the IV – if each file used a random IV, their first block would be different. The above scenario has been thwarted.

Now what if the IV were the same for each file? Well, we have the problem scenario again. The first block of each file will encrypt to the same result. Practically, this is no different from not using the IV at all.

So now let’s get to your proposed options:

Option 1. Embed hard-coded IV within the application and save the key in the key file.

Option 2. Embed hard-coded key within the application and save the IV in the key file.

These options are pretty much identical. If two files that begin with the same text produce encrypted files that begin with identical ciphertext, you’re hosed. That would happen in both of these options. (Assuming there’s one master key used to encrypt all files).

Option 3. Save both the key and the IV in the key file.

If you use a random IV for each key file, you’re good. No two key files will be identical, and each encrypted file must have it’s key file. A different key file will not work.

PS: Once you go with option 3 and random IV’s – start looking into how you’ll determine if decryption was successful. Take a key file from one file, and try using it to decrypt a different encryption file. You may discover that decryption proceeds and produces in garbage results. If this happens, begin research into authenticated encryption.

More Related Contents:

  1. How to choose an AES encryption mode (CBC ECB CTR OCB CFB)?
  2. Example of AES using Crypto++ [closed]
  3. decrypt with public key [closed]
  4. Java 256-bit AES Password-Based Encryption
  5. AES Encryption for an NSString on the iPhone
  6. SQLite with encryption/password protection
  7. How to add/remove PKCS7 padding from an AES encrypted string?
  8. JavaScript string encryption and decryption?
  9. How to encrypt file from SD card using AES in Android?
  10. Difference between encoding and encryption
  11. Encrypt and decrypt with AES and Base64 encoding
  12. AES interoperability between .Net and iPhone?
  13. encryption/decryption with multiple keys
  14. Why does my AES encryption throws an InvalidKeyException?
  15. Decrypting AES256 with node.js returns wrong final block length
  16. How to decode a string encoded with openssl aes-128-cbc using java?
  17. How to decrypt an encrypted AES-256 string from CryptoJS using Java? [closed]
  18. Any cocoa source code for AES encryption decryption?
  19. Secure Online Highscore Lists for Non-Web Games
  20. Should I use an initialization vector (IV) along with my encryption?
  21. Size of data after AES/CBC and AES/ECB encryption
  22. How does a cryptographically secure random number generator work?
  23. AES Encryption in Java and Decryption in C#
  24. What (pure) Python library to use for AES 256 encryption? [closed]
  25. AES/CBC/PKCS5Padding in iOS objective c result differs from Android
  26. How to see the encrypted key in wireshark, during ssl key exchange?
  27. Is it possible to encrypt data with AES (256 bit) GCM mode in .net framework 4.7?
  28. AES string encryption in Objective-C
  29. Java AES 128 encrypting differently to openssl
  30. AES/CBC/PKCS5Padding vs AES/CBC/PKCS7Padding with 256 key size performance java

Leave a Comment