using randomly generated IV for encryption

Discussion in 'Java' started by jimgardener, Dec 4, 2008.

  1. jimgardener

    jimgardener Guest

    hi
    in a text book by David Hook, I came across creation of random IV for
    encryption.It goes like this
    <code snippet>
    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding", "BC");
    int blksz=cipher.getBlockSize();
    byte[] ivBytes=new byte[blksz];
    SecureRandom random=new SecureRandom();
    random.nextBytes(ivBytes);
    IvParameterSpec ivSpec=new IvParameterSpec(ivBytes);
    //encryption pass
    cipher.init(Cipher.ENCRYPT_MODE,key,ivSpec);

    </code snippet>

    then the example in the book takes the iv and encrypts it into
    ciphertext and then works on the message to be encoded

    <code snippet>
    byte[] cipherText=new byte[cipher.getOutputSize(ivBytes.length
    +input.length)];
    int ctLength=cipher.update(ivBytes,0,ivBytes.length,cipherText,0);
    ctLength+=cipher.update(input,0,input.length,cipherText,ctLength);
    ctLength+=cipher.doFinal(cipherText,ctLength);
    </code snippet>

    In decryption pass,the ciphertext is decrypted and then the IV is
    removed from the byte array to recover the plaintext bytes.

    Is this the proper way to do this?Or is there a better alternative?
    thanks
    jim
    jimgardener, Dec 4, 2008
    #1
    1. Advertising

  2. jimgardener

    Arne Vajhøj Guest

    jimgardener wrote:
    > hi
    > in a text book by David Hook, I came across creation of random IV for
    > encryption.It goes like this
    > <code snippet>
    > Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding", "BC");
    > int blksz=cipher.getBlockSize();
    > byte[] ivBytes=new byte[blksz];
    > SecureRandom random=new SecureRandom();
    > random.nextBytes(ivBytes);
    > IvParameterSpec ivSpec=new IvParameterSpec(ivBytes);
    > //encryption pass
    > cipher.init(Cipher.ENCRYPT_MODE,key,ivSpec);
    >
    > </code snippet>
    >
    > then the example in the book takes the iv and encrypts it into
    > ciphertext and then works on the message to be encoded
    >
    > <code snippet>
    > byte[] cipherText=new byte[cipher.getOutputSize(ivBytes.length
    > +input.length)];
    > int ctLength=cipher.update(ivBytes,0,ivBytes.length,cipherText,0);
    > ctLength+=cipher.update(input,0,input.length,cipherText,ctLength);
    > ctLength+=cipher.doFinal(cipherText,ctLength);
    > </code snippet>
    >
    > In decryption pass,the ciphertext is decrypted and then the IV is
    > removed from the byte array to recover the plaintext bytes.
    >
    > Is this the proper way to do this?


    No.

    The other end needs to know iv to decrypt.

    So there are absolutely no point in having iv in the message.

    Arne
    Arne Vajhøj, Dec 5, 2008
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?QW5kZXJzQmo=?=

    Sessions randomly lost using state server

    =?Utf-8?B?QW5kZXJzQmo=?=, Sep 13, 2005, in forum: ASP .Net
    Replies:
    9
    Views:
    3,702
    Alvin Bruney - ASP.NET MVP
    Sep 14, 2005
  2. Stuart

    Randomly Generated Strings

    Stuart, Feb 18, 2004, in forum: ASP General
    Replies:
    2
    Views:
    96
    Stuart
    Feb 19, 2004
  3. J1C

    Randomly generated filename.

    J1C, Oct 19, 2005, in forum: ASP General
    Replies:
    7
    Views:
    141
  4. Replies:
    3
    Views:
    147
    Evertjan.
    Jan 15, 2007
  5. Replies:
    4
    Views:
    194
    Brian Candler
    Oct 21, 2009
Loading...

Share This Page