Question about crypto

[Anthony Papillion]

I've just started working with the Crypto library and I've already run
into a wall even though I'm following a tutorial. Basically, I'm trying
to encrypt a string using AES in CBC mode. Here is the code:

from Crypto import AES
import hashlib

text_to_encrypt = 'This is a super secret encrypted message, yo!'
key = '0123456789abcdef'
mode = AES.MODE_CBC
encryptor = AES.new(key, mode)

ciphertext = encryptor.encrypt(text)

When I run the code above, I am told that the IV must be 16 bytes long.
I'm assuming that the IV (I know that means "Initialization Vector") is
either the key OR something else I can set. But I don't know how or what
to do.

Does anyone see what is wrong with the code above and could suggest ways
to make it work? I've spent the last 45 minutes googling around and
nothing comes up specific to my problem.

Thanks,
Anthony

 

[Roy Smith]

I've just started working with the Crypto library and I've already run
into a wall even though I'm following a tutorial. Basically, I'm trying
to encrypt a string using AES in CBC mode. Here is the code:

from Crypto import AES

You don't say exactly what module you're using. I'm assuming
https://www.dlitz.net/software/pycrypto/api/current/, yes?

import hashlib

text_to_encrypt = 'This is a super secret encrypted message, yo!'
key = '0123456789abcdef'
mode = AES.MODE_CBC
encryptor = AES.new(key, mode)

ciphertext = encryptor.encrypt(text)

There's a good explanation of CBC in Wikipedia:

http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher-block_
chaining_.28CBC.29

In a nutshell, AES-CBC works is to break the input up into 16-byte
blocks. Each 16-byte block of input plaintext is encrypted to yield a
16-byte block of ciphertext. This 16-byte ciphertext block is also fed
forward into the encryption step for the next block.

The IV is just the feed-forward block used for the first step. So, it
has to be the same size as the cipher block (i.e. 16 bytes).

AES can have different length keys (128, 192, or 256 bits), but the size
of the cipher block is always 256 bits. This can get confusing because
most people just use a 256 bit key and incorrectly assume that the key
size and block size are somehow related. They're not. When you say:

When I run the code above, I am told that the IV must be 16 bytes long.
I'm assuming that the IV (I know that means "Initialization Vector") is
either the key OR something else I can set.

you're making that mistake. The key can't (in general) be used as the
IV. In this particular case, you happen to have picked a key length
which is the same as the block length, but that's just coincidence.

What you need to do is pick a 16 byte (256 bit) IV.

Does anyone see what is wrong with the code above and could suggest
ways to make it work? I've spent the last 45 minutes googling around
and nothing comes up specific to my problem.

45 minutes is nothing when trying to understand crypto

I've never used this particular module, but from the docs, I think what
you want to do is:

iv = "SpamSpamSpamSpam"
encryptor = AES.new(key, mode, iv)

Keep in mind that the receiver will need the iv to decrypt your message.

 

[Anthony Papillion]

You don't say exactly what module you're using. I'm assuming
https://www.dlitz.net/software/pycrypto/api/current/, yes?

<snip>

Thank you, Roy, this was very helpful. You're right, I was confusing key
size with the IV and I was tying the two together in an inappropriate
(wrong) way.

Thanks again!
Anthony