Velocity Reviews - Computer Hardware Reviews
Home Forums Reviews Guides Newsgroups Register Search
Member Login:

Velocity Reviews > Newsgroups > Programming > Java > using randomly generated IV for encryption

Reply
Thread Tools

using randomly generated IV for encryption

 
 
jimgardener
Guest
Posts: n/a
 
      12-04-2008
hi
in a text book by David Hook, I came across creation of random IV for
encryption.It goes like this
<code snippet>
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding", "BC");
int blksz=cipher.getBlockSize();
byte[] ivBytes=new byte[blksz];
SecureRandom random=new SecureRandom();
random.nextBytes(ivBytes);
IvParameterSpec ivSpec=new IvParameterSpec(ivBytes);
//encryption pass
cipher.init(Cipher.ENCRYPT_MODE,key,ivSpec);

</code snippet>

then the example in the book takes the iv and encrypts it into
ciphertext and then works on the message to be encoded

<code snippet>
byte[] cipherText=new byte[cipher.getOutputSize(ivBytes.length
+input.length)];
int ctLength=cipher.update(ivBytes,0,ivBytes.length,ci pherText,0);
ctLength+=cipher.update(input,0,input.length,ciphe rText,ctLength);
ctLength+=cipher.doFinal(cipherText,ctLength);
</code snippet>

In decryption pass,the ciphertext is decrypted and then the IV is
removed from the byte array to recover the plaintext bytes.

Is this the proper way to do this?Or is there a better alternative?
thanks
jim
 
Reply With Quote
 
 
 
 
Arne Vajhøj
Guest
Posts: n/a
 
      12-05-2008
jimgardener wrote:
> hi
> in a text book by David Hook, I came across creation of random IV for
> encryption.It goes like this
> <code snippet>
> Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding", "BC");
> int blksz=cipher.getBlockSize();
> byte[] ivBytes=new byte[blksz];
> SecureRandom random=new SecureRandom();
> random.nextBytes(ivBytes);
> IvParameterSpec ivSpec=new IvParameterSpec(ivBytes);
> //encryption pass
> cipher.init(Cipher.ENCRYPT_MODE,key,ivSpec);
>
> </code snippet>
>
> then the example in the book takes the iv and encrypts it into
> ciphertext and then works on the message to be encoded
>
> <code snippet>
> byte[] cipherText=new byte[cipher.getOutputSize(ivBytes.length
> +input.length)];
> int ctLength=cipher.update(ivBytes,0,ivBytes.length,ci pherText,0);
> ctLength+=cipher.update(input,0,input.length,ciphe rText,ctLength);
> ctLength+=cipher.doFinal(cipherText,ctLength);
> </code snippet>
>
> In decryption pass,the ciphertext is decrypted and then the IV is
> removed from the byte array to recover the plaintext bytes.
>
> Is this the proper way to do this?

No.

The other end needs to know iv to decrypt.

So there are absolutely no point in having iv in the message.

Arne
 
Reply With Quote
 
 
 
Reply

« connect java to gps device | Applet parameters - ignore case? »
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Randomly generated words from a set of letters MR-Mencel@wiu.edu Ruby 4 10-21-2009 09:14 AM
Randomly generated variables in ASP vadapallyraju@gmail.com ASP General 3 01-15-2007 04:45 PM
Randomly generated filename. J1C ASP General 7 10-20-2005 02:26 PM
WIFI connection randomly/non randomly disconnects King Fu Wireless Networking 2 11-10-2004 07:03 AM
Randomly Generated Strings Stuart ASP General 2 02-19-2004 09:38 AM



Advertisments
 


Powered by vBulletin®. Copyright ©2000 - 2013, vBulletin Solutions, Inc..
SEO by vBSEO ©2010, Crawlability, Inc.
Contact Us - Archive - Privacy Statement - Top