
I am trying to encrypt a text file with openssl using aes-128-cbc encryption and I was wondering if there was a way I could encrypt it only using the key and not the iv?

Every time I try to run:

```
openssl enc -aes-128-cbc -e -in dummy_file.txt -out dummy.aes-128-cbc.bin -K 00112233445566778889aabbccddeeff
```

I get the error saying iv undefined and the encrypted file it generates is empty and it is not even a binary file.

jww
Shehzaan
  • I'm pretty sure you would have to make some effort to not find the question and answer on numerous Stack Exchange sites. [Precisely how does CBC mode use the initialization vector?](https://crypto.stackexchange.com/q/29134/10496), [Is CBC mode with a fixed IV secure](https://crypto.stackexchange.com/q/47328/10496), [AES/CBC fixed Initial vector use-case](https://crypto.stackexchange.com/q/16438/10496), [Initialization Vector (IV) in CBC mode for AES](https://stackoverflow.com/q/38928155/608639), [Good AES Initialization Vector practice](https://stackoverflow.com/q/8041451/608639), etc. – jww Oct 13 '17 at 18:31

1 Answer


No, that's not possible, CBC requires an IV. You can however set the IV to all zeros. As the IV is XOR'ed with the first block of plaintext before encryption, this comes down to having no IV at all: you would directly encrypt the first block of plaintext with the block cipher.

Note that creating multiple ciphertexts with the same key and IV will not result in a secure cipher. For CBC it is required to have a random (or at least unpredictable) IV. Otherwise an attacker can at least see which plaintexts start with identical blocks of data.

The IV always consists of 16 bytes for AES, which comes down to 32 hexadecimal zeros, of course for the `-iv` command line parameter of `openssl`.

Maarten Bodewes
  • Thank you Maarten, this is exactly what I was looking for. I totally forgot that IV gets XOR'ed so I can leave them with just 0's. – Shehzaan Oct 13 '17 at 14:25
  • Just one more question Maarten, is it possible for the key to be a word rather than hex digits? – Shehzaan Oct 13 '17 at 14:33
  • A key for AES can be 16, 24 or 32 randomized bytes - nothing more, nothing less. You can use a password hash (with salt and iteration count) to generate an AES key however. That's actually the standard behavior of `openssl` without the `-K` option although it only uses an 8 byte salt and worse, a weak password hashing scheme with iteration count set to 1. That's OK as long as your password is *very, very strong*. It will prefix a magic and the salt to your file though and - specially for you - it will generate a key **and** random IV from the salt and password. – Maarten Bodewes Oct 13 '17 at 14:36
  • For school projects it may be that the key consists of the ASCII encoding of the key followed by zero valued bytes up to 16 bytes. In either way, the teacher should get a good kicking for this question. – Maarten Bodewes Oct 13 '17 at 14:43
  • After reading the spec sheet more carefully, it says the password is not salted and I was not doing that in the command. After digging in some manual pages, I was able to run this command: `openssl enc -aes-128-cbc -e -in dummy_file.txt -out dummy.aes-128-cbc.bin -k helloworld -nosalt` – Shehzaan Oct 15 '17 at 08:45
  • OK. Note that without salts the encrypted files are not as secure as they should be: you should be able to easily distinguish files that have the same initial data and the same password. The magic (the string "Salted__") and salt are then probably missing from the start of the encrypted file. – Maarten Bodewes Oct 16 '17 at 14:32
  • FYI: openssl v1.1.1 supports a stronger key derivation function, where the key is derived from the password using pbkdf2 with a randomly generated salt, and multiple iterations of sha256 hashing (10,000 by default). See https://stackoverflow.com/questions/16056135/how-to-use-openssl-to-encrypt-decrypt-files/61166202#61166202 for more info. – mti2935 Jul 25 '20 at 02:34
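
Added example (not part of the original question, answer or comments): a shell check of the two claims in the answer above, that an all-zero IV amounts to encrypting the first block directly and that reusing a key and IV reveals identical leading blocks. It uses the key from the question; the two sample messages and all function names are constructed for this illustration.

```shell
#!/bin/sh
# Added illustration. KEY is the key from the question; the messages are
# constructed samples that share their first 16 bytes ("ACCOUNT=00012345").
KEY=00112233445566778889aabbccddeeff
ZERO_IV=00000000000000000000000000000000   # 16 zero bytes = 32 hex digits
MSG_A='ACCOUNT=00012345;AMOUNT=10'
MSG_B='ACCOUNT=00012345;AMOUNT=99'

# Print the first 16 bytes of stdin as 32 hex digits.
first_block_hex() { od -An -v -tx1 | tr -d ' \n' | cut -c1-32; }

# First ciphertext block of AES-128-CBC. $1 = plaintext, $2 = IV (hex).
cbc_first_block() {
    printf '%s' "$1" | openssl enc -aes-128-cbc -e -K "$KEY" -iv "$2" | first_block_hex
}

# First block encrypted with the bare block cipher (ECB takes no IV).
ecb_first_block() {
    printf '%s' "$1" | openssl enc -aes-128-ecb -e -K "$KEY" | first_block_hex
}

# Echo "yes" if both arguments are equal, non-empty strings, else "no".
same() { if [ -n "$1" ] && [ "$1" = "$2" ]; then echo yes; else echo no; fi; }

# An all-zero IV is the same as encrypting the first block directly.
zero_iv_equals_ecb() {
    same "$(cbc_first_block "$MSG_A" "$ZERO_IV")" "$(ecb_first_block "$MSG_A")"
}

# Reusing key and IV: an equal first plaintext block shows in the ciphertext.
fixed_iv_leaks_prefix() {
    same "$(cbc_first_block "$MSG_A" "$ZERO_IV")" "$(cbc_first_block "$MSG_B" "$ZERO_IV")"
}

# Fresh random IV per message (stored alongside the ciphertext in practice).
random_iv_leaks_prefix() {
    same "$(cbc_first_block "$MSG_A" "$(openssl rand -hex 16)")" \
         "$(cbc_first_block "$MSG_B" "$(openssl rand -hex 16)")"
}

echo "zero IV == raw block cipher: $(zero_iv_equals_ecb)"
echo "fixed IV leaks prefix:       $(fixed_iv_leaks_prefix)"
echo "random IV leaks prefix:      $(random_iv_leaks_prefix)"
```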