
How to make IvParameterSpec random but still decrypt

For Encryption in Java... the article at http://cwe.mitre.org/data/definitions/329.html states that the Initialization Vector should be different each time, but if I use a different IV to decrypt than the one I used to encrypt, I get garbage characters instead of the data I expected.

What is the proper way to encrypt on one server and decrypt on another without having to communicate the IV back and forth in between servers?

The common technique seems to be to hardcode a byte array, but supposedly that's insecure???

Michael Akerman asked Sep 01 '11 20:09


People also ask

Does IV have to be same for encryption and decryption?

You need to use the same IV for encryption and decryption.

Do I need IV for decryption?

Yes, you must provide the same IV for encryption and decryption.

Does the IV need to be unique?

The requirements for IV uniqueness depend on the "mode" in which the cipher is used. For CBC, the IV should be unpredictable for a given message. For CTR, the IV has to be unique, period.


1 Answer

I believe an IV is like a salt - it's not a secret, it's just used to introduce an extra element of randomness so that the same message encrypted with the same key still comes out differently each time.

So you can transmit the IV used to encrypt as part of the encrypted value, just like you'd store the salt along with a hash for a hashed value.

Of course, I could be completely incorrect...

Jon Skeet answered Oct 19 '22 23:10