libgcrypt - Initialization Vector
tthomas at chubb.com
Fri Apr 29 15:47:17 CEST 2005
Brad Hards wrote:
> On Fri, 29 Apr 2005 03:38 am, Tod Thomas wrote:
>>I wrote two seperate programs using libgcrypt, one to perform encryption
>>and one to perform decryption. Whan I pass a string to the encryption
>>module and then pipe its output to the decryption module I get the
>>correct value returned - as long as the IV is the same.
> This is the correct usage.
>>Once I change the IV in one I no longer get the correct, decrypted
>>string back. I discovered this because I decided to make my IV a truly
>>random value by using the output of gcry_randomize to set it and that
> This is the intended behaviour. As Moritz explained, the ciphertext is a
> function of the plain text, the key and the IV. The IV is intended to protect
> from the case when you use the same key over and over, and you might encrypt
> the same plaintext. In this case, if you don't have a salt/IV anyone who can
> see the ciphertext knows that it the plaintext. IV also makes dictionary
> attacks much harder.
But what if I take my testing scenario from above and rather than
running them both on the same machine piping the output of one to the
other, instead run each program on a seperate machine?
Using your description wouldn't I have to pass the IV's value along with
the ciphertext to be able to decrypt it on the other end? Wouldn't I
then have the burden of passing the IV in a secured fashion instead of
just needing to pass the resulting ciphertext? Maybe I wouldn't want to
use symmetric encryption for that kind of task?
>>My question then is if the IV should behave as the documentation
>>suggests why isn't my test working? I suspect I have misunderstood
>>something in the reading or in my implementation, just not sure what.
>>I'll be happy to provide more details upon request.
> Can you tell me which part of the documentation led you think it might be OK
> to use a different IV for encryption and decryption? I can take a look at
> it, and perhaps propose some changes.
What I want to do is be able to encrypt a value using libgcrypt and then
provide the decryption algorithm to an internal customer so they can
decrypt it for their own purposes.
The statement the IV "is a non-secret random string acting as a kind of
salt value." gave me the impression it was a random number that was
somehow used by the encryption algorithm to provide a set of random
numbers to be used in the encryption process.
I see now that it is more of a random value used to 'mask' the key value
on an encryption by encryption basis. But this unique quality prevents
its value from being reproduced, requiring that it somehow be made
available to the process that will ultimately perform the decryption.
This would mean either the decryption routine would need to know how to
replicate the salt (not likely due to its randomness) or have it passed
as a value along with the ciphertext.
Please bear with me, I'm just learning the inner workings of encryption
so my conceptual knowledge is just beginning to grow.
Thanks - Tod
More information about the Gcrypt-devel