0

I have aes-256-cfb decryption code in ruby as follows.

data_cipher = OpenSSL::Cipher::Cipher.new "aes-256-cfb".freeze
data_cipher.decrypt
data_cipher.key = encryption_key
data_cipher.update(decode64(str)) << data_cipher.final

I need the python equivalent of this above code. My problem here is, where ever i found python logic for aes-256-cfb it always involved Initialization vector(IV). But in the above Ruby logic, iv is not set.

I tried with Random values of iv, but that is not giving me the same result as ruby code.

Please advise.

Plaban Rout
  • 1
  • 1
  • 1
  • Did you try 0 or 0x00 (or a array of those) as IV? For aes-256-cfb you always need a IV to encrypt data. If you are not specifying the IV at encryption time, it will likely be just null/zero. – NoConnection Mar 31 '20 at 12:13
  • Also, aes-256-cfb uses the IV only in the first encrypted block, which means if you are using a random IV, only the first block (the first 128 bits) of the data will be decrypted wrongly. Everything starting from the second block should decrypt just fine – NoConnection Mar 31 '20 at 12:23
  • Its not allowing me to set IV as above values(0, 0x00). – Plaban Rout Apr 01 '20 at 22:00
  • Hi Guys..Any other suggestions ??? Really Struggling on this topic. – Plaban Rout Apr 07 '20 at 13:46

1 Answers1

0

For AES-256-CFB there is always a iv needed for encryption. If no iv is given, most likely it will be just zero (which means 16 0x00 bytes, as the iv is equal to the blocksize, which is 128bit). Another option would be that the iv is randomly generated at encryption time and is encapsulated in the message. That would mean, that the first 16 byte of the message are the iv. If you don't know how the encryption algorith works, you will probably need to try this out.

However, since the iv is only used to decrypt the first block in CFB mode, if you have a long enough message, the decryption will work just fine even if the iv is wrong (except for the first 128 bit of the message).

Below is a code sample, how decryption works in python. You need to know the iv before encryption. In the sample below I initialized it with zero bytes.

Note that this code only handles decryption of the raw message bytes. You will need to care about the encoding yourself.

from Crypto import Random
from Crypto.Cipher import AES

def decrypt(key, enc):
    iv = '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
    cipher = AES.new(key, AES.MODE_CFB, iv)
    return cipher.decrypt(enc)

More info here (note that this thread is using CBC mode, which is a litte different): Encrypt & Decrypt using PyCrypto AES 256

NoConnection
  • 765
  • 7
  • 23