How to send vector in cbc for decipher?

Question

I'm expecting to cipher a string, from a client side (using aes-256-cbc and a secret password already known by both server & client). And then I'd like to decipher it (on the server side).

I have code that does work just fine (functionally speaking). But it seems I need to send the IV vector from client to server. I currently do it like this:

00000000000000000000000000000000.JAPQElUAxxxxxxxxxxxjTgJAPQElUAfgydvbY=

So, on the server I split the payload with a "dot" as separator and consider the first item to be the vector.

I believe this is not good to send the IV like this. Would you please help me understand how it should work?

Answer 1

In CBC encryption mode sending the IV without encrypted is normal and there is nothing to worry as long as the IV is unpredictable. See this question Why is CBC with predictable IV considered insecure against chosen-plaintext attack? from Cryptography.

A common way to send the IV is prepending it to the ciphertext. The libraries, in general, were designed to extract first 16-byte or enable offset in the byte-arrays.

CBC mode of operation is outdated. It has many problems as padding oracled attacks. You should use better alternative Authenticated Encryption (AE) modes as AES-GCM and ChaCha-Poly1305 which does not need padding. Also, in AE you will have confidentiality, integrity, and authentication where CBC only supports confidentiality.

AS modes provide an Authentication Tag that you will need to transmit with the IV. The usual practice; prepend the IV and append the tag to the ciphertext.

 IV || Ciphertext||Tag