I'm sending some encrypted data to a client through a web service.

The client had requested that I encrypt the data using a given key and IV. I know you should ideally use a different random IV each time, and I've already raised that with them.

The IV they have provided is a string of length 25. This really doesn't seem right to me.

As far as I was aware the IV length should match the block size, so either 128, 192 or 256 bytes (String lengths 16, 24 or 32). Am I right, or am I missing something here...?

Please note that the IV was provided to me, and therefore I am not trying to pick it.

The provided IV was of the form "ghPNHfg544JUdfjdR5BGVbj67", which I do not believe is correct. (The provided key was a string 16 characters long.)

D Purnell
  • Are you sure that it isn't some encoding (Base64 or whatever may fit)? – Eugene Podskal Jul 05 '15 at 15:55
  • @user AES block length is always 16 bytes, so IV length is 16 bytes. – xanatos Jul 05 '15 at 15:55
  • thank you - the string that was sent for the iv was of the form InitialVector = "ghPNHfg544JUdfjdR5BGVbj67" – D Purnell Jul 05 '15 at 16:00
  • possible duplicate of [How to pick an appropriate IV (Initialization Vector) for AES/CTR/NoPadding?](http://stackoverflow.com/questions/4608489/how-to-pick-an-appropriate-iv-initialization-vector-for-aes-ctr-nopadding) – Davin Tryon Jul 05 '15 at 16:02
  • I already looked at that particular topic, however the IV is not being chosen by me, and was provided. – D Purnell Jul 05 '15 at 16:10
  • _either 128, 192 or 256 bytes (String lengths 16, 24 or 32)_ You can't pack 128 bytes in 16 chars. Please correct this. – H H Jul 05 '15 at 18:03
  • And a 25 long string is indeed not valid Base64. Go back to your client. – H H Jul 05 '15 at 18:09
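
An added example, not part of the original question or comments: a check of whether a supplied IV string decodes to exactly one 16-byte AES block as raw characters, hex, or strict Base64 (the encoding raised in the comments). The function names and every sample string other than the IV quoted in the question are constructed for illustration.

```python
import base64
import binascii

AES_BLOCK_BYTES = 16  # AES block size is 16 bytes for every key size

# The first entry is the IV string quoted in the question; the rest are constructed.
SAMPLES = [
    "ghPNHfg544JUdfjdR5BGVbj67",         # 25 characters, as supplied by the client
    "0123456789abcdef",                  # 16 raw characters
    "000102030405060708090a0b0c0d0e0f",  # 32 hex digits = 16 bytes
    "AAECAwQFBgcICQoLDA0ODw==",          # Base64 of 16 bytes (24 characters)
]


def decode_candidates(text):
    """Return {encoding: decoded bytes, or None if text is invalid in that encoding}."""
    results = {"raw": text.encode("utf-8")}  # characters used directly as bytes
    try:
        results["hex"] = bytes.fromhex(text)  # two hex digits per byte
    except ValueError:
        results["hex"] = None
    try:
        # validate=True rejects stray characters and bad length/padding
        results["base64"] = base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError):
        results["base64"] = None
    return results


def usable_iv_encodings(text):
    """Names of the encodings under which text decodes to exactly one AES block."""
    return [name for name, raw in decode_candidates(text).items()
            if raw is not None and len(raw) == AES_BLOCK_BYTES]


if __name__ == "__main__":
    for sample in SAMPLES:
        sizes = {name: (None if raw is None else len(raw))
                 for name, raw in decode_candidates(sample).items()}
        print(f"{sample!r}: decoded sizes {sizes}, "
              f"usable as IV via {usable_iv_encodings(sample) or 'nothing'}")
```

An empty result means the string cannot be a 16-byte IV under any of these three encodings, so the encoding has to be confirmed with whoever supplied the value.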
