Menu
The following node.js code attempts to create a cipher using AES 128 in ECB mode with an initialization vector (IV) filled with 0 bytes. << rant >>I'm aware that encrypting with ECB mode should be avoided at all costs, but it still needs to work for supporting legacy systems built before World War II (when the dangers of enciphering in ECB mode were first discovered).<< /rant >>.
let keyBuffer = Buffer.from("DoNotUseUTF8Keys",'utf8');
let ivBuffer = Buffer.alloc(16); // 16 bytes set to 0
//try {
try {
let cipher = createCipheriv("AES-128-ECB", keyBuffer, ivBuffer);
} catch (e)
{
console.log(e.message);
}
When createCipheriv (or createDeciperiv) is called, the node.js code throws "Invalid IV length".
For a 128-bit (16-byte) cipher, AES should have a 16-byte Initialization Vector (IV).
Is this a bug or am I doing something wrong?
626
The Node.js team got back to me.
"ECB doesn't utilize an IV, so you should just pass a zero-length Buffer instead"
let ivBuffer = Buffer.alloc(0);
Seems odd that the developer should have to figure out to pass a 0-length buffer rather than not passing any parameter. I wish they'd at least update the docs.
110
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With