Dcode

Reputation: 223

keydata and IV for aes in tcl

I have a tcl/tk based tool, which uses a network password for authentication. The issue is that it is saving the password in the logs/history. So the objective is to encrypt the password.

I tried to use the aes package. But at the very beginning aes::init asks for keydata and an initialization vector (16 bytes). So how do I generate the IV and keydata? Is it some random number? I am a novice in encryption algorithms.

Upvotes: 0

Views: 703

Answers (2)

schlenk

Reputation: 7257

If you have the password in the logs/history, why not fix the bug of logging/storing it in the first place?

Otherwise there are distinct things you might want:

  1. A password hashing scheme like PBKDF2, bcrypt, argon2 etc. to store a password in a safe way and compare some user input to it. This is typically the case when you need to implement some kind of authentication with passwords on the server side.

  2. A password encryption and protection scheme like AES. You need a password to authenticate to some service automatically, and it requires some form of cleartext password.

  3. You have some secret data and need to securely store it in non-cleartext form.

If you have case 1, don't use the aes package, it is the wrong tool for the job. If you have case 2, the aes package might help you, but you just exchanged the problem of keeping the password secret with the other problem of keeping the key secret (not a huge win). So the only viable case where aes is an option might be 3.

Let's assume you need to store some secret data in a reversible way, e.g. case 3 from above.

AES has a few possible modes of operation, common ones you might see are ECB, CBC, OFB, GCM, CTR. The Tcllib package just supports ECB and CBC, and only CBC (which is the default) is really an option to use. Visit Wikipedia for an example why you should never use ECB mode.

Now back to your actual question:

Initialization Vector (IV)

This is a random value you pick for each encryption, it is not secret, you can just publish it together with the encrypted data. Picking a random IV helps to make two encrypted blocks differ, even if you use the same key and cleartext.

Secret Key

This is also a random value, but you must keep it secret, as it can be used for encryption and decryption. You often have the same key for multiple encryptions.

Where to get good randomness?

If you are on Linux, BSD or other unixoid systems just read bytes from /dev/urandom or use a wrapper for getrandom(). Do NOT use Tcl's expr {rand()} or similar pseudorandom number generators (PRNG). On Windows TWAPI and the CryptGenRandom function would be the best idea, but sadly there is no Tcl high level wrapper included.

Is that enough?

Depends. If you just want to hide a bit of plaintext from cursory looks, maybe. If you have attackers manipulating your data or actively trying to hack your system, less so. Plain AES-CBC has a lot of things you can do wrong, and even experts did wrong (read about SSL/TLS 1.0 problems with AES-CBC).

Final words: If you are a novice in encryption algorithms, be sure you understand what you want and need to protect, there are a lot of pitfalls.

Upvotes: 1
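
Added example (not from either answer, and not Tcllib's own code): one way to combine the IV, key and randomness advice above for case 3, using the Tcllib aes package in CBC mode on a Unix-like system. The proc names random_bytes, pkcs7_pad, pkcs7_unpad, encrypt_secret and decrypt_secret and the sample secret are made up for illustration; it assumes Tcl 8.6 and a readable /dev/urandom.

```tcl
package require Tcl 8.6
package require aes            ;# from Tcllib

# Read n bytes from the kernel CSPRNG (unixoid systems only).
proc random_bytes {n} {
    set f [open /dev/urandom rb]
    try { set bytes [read $f $n] } finally { close $f }
    if {[string length $bytes] != $n} { error "short read from /dev/urandom" }
    return $bytes
}

# PKCS#7 padding: unlike zero padding, it can be removed unambiguously.
proc pkcs7_pad {data} {
    set n [expr {16 - [string length $data] % 16}]
    return $data[string repeat [binary format c $n] $n]
}
proc pkcs7_unpad {data} {
    set len [string length $data]
    if {$len == 0 || $len % 16 != 0} { error "invalid data length" }
    binary scan [string index $data end] cu n
    if {$n < 1 || $n > 16} { error "invalid padding" }
    if {[string range $data end-[expr {$n - 1}] end] ne [string repeat [binary format c $n] $n]} {
        error "invalid padding"
    }
    return [string range $data 0 end-$n]
}

# Output layout (an assumption of this example): 16-byte IV || ciphertext.
# CBC gives confidentiality only; it does not detect modified ciphertext.
proc encrypt_secret {key plaintext} {
    set iv [random_bytes 16]                    ;# fresh IV per encryption, not secret
    set data [pkcs7_pad [encoding convertto utf-8 $plaintext]]
    # "--" stops option parsing in case the data begins with "-"
    set ct [aes::aes -mode cbc -dir encrypt -key $key -iv $iv -- $data]
    return $iv$ct
}
proc decrypt_secret {key blob} {
    set iv [string range $blob 0 15]
    set ct [string range $blob 16 end]
    set data [aes::aes -mode cbc -dir decrypt -key $key -iv $iv -- $ct]
    return [encoding convertfrom utf-8 [pkcs7_unpad $data]]
}

# Constructed sample values, for illustration only.
set key  [random_bytes 32]     ;# AES-256 key: generate once, keep it out of logs/history
set blob [encrypt_secret $key "p\u00e4ssw0rd-example"]
puts [binary encode hex $blob] ;# differs on every run because the IV is random
puts [decrypt_secret $key $blob]
```

The key still has to be stored somewhere the tool can read it, which is the trade-off the answer above describes for case 2.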

Donal Fellows

Reputation: 137767

If I read the Tcler's Wiki page on aes, I see that I encrypt by doing this:

package require aes

set plaintext "Some super-secret bytes!"
set key "abcd1234dcba4321";                        # 16 bytes

set encrypted [aes::aes -dir encrypt -key $key $plaintext]

and I decrypt by doing:

# Assuming the code above was run...
set decrypted [aes::aes -dir decrypt -key $key $encrypted]

Note that the decrypted text has NUL (zero) bytes added on the end (8 of them in this example) because the encryption algorithm always works on blocks of 16 bytes, and if you're working with non-ASCII text then encoding convertto and encoding convertfrom might be necessary.


You don't need to use aes::init directly unless you are doing large-scale streaming encryption. Your use case doesn't sound like it needs that sort of thing. (The key data is your “secret”, and the initialisation vector is something standardised that usually you don't need to set.)

Upvotes: 1
