Programador M

Reputation: 1

Is it possible to retrieve the IvParameterSpec from the code (Java)?

I have this code:

    import javax.crypto.Cipher;
    import javax.crypto.SecretKey;
    import javax.crypto.SecretKeyFactory;
    import javax.crypto.spec.IvParameterSpec;
    import javax.crypto.spec.PBEKeySpec;
    import javax.crypto.spec.SecretKeySpec;

    // var0 is the plaintext, e is the salt string, ivs is the static IV declared below
    // (method name and parameter list are assumed; the snippet only shows the body)
    static byte[] encrypt(String var0, String e) throws Exception {
        byte[] var1 = e.getBytes("UTF-8");                                          // salt bytes
        SecretKeyFactory var2 = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
        PBEKeySpec var3 = new PBEKeySpec("C9C34EA5E77EF9FF".toCharArray(), var1, 65536, 128); // password, salt, iterations, key bits
        SecretKey var4 = var2.generateSecret(var3);
        SecretKeySpec var5 = new SecretKeySpec(var4.getEncoded(), "AES");
        IvParameterSpec var6 = new IvParameterSpec(ivs);
        Cipher var7 = Cipher.getInstance("AES/CBC/PKCS5Padding");
        var7.init(Cipher.ENCRYPT_MODE, var5, var6);                                 // decompiled as init(1, ...)
        byte[] var8 = var7.doFinal(var0.getBytes("UTF-8"));
        return var8;
    }

and using this byte array for IvParameterSpec:

private static final byte[] ivs = new byte[]{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15};

I'm trying to rebuild this code. I already have the final value of this function and all the other parameters, but the final value doesn't match the expected one, because the only parameter I don't know, and which is wrong, is the IvParameterSpec.

The question is: is there any way to get this parameter from the other information?

Upvotes: 0

Views: 1148

Answers (1)

Pieter12345

Reputation: 1789

You are working with AES encryption, which uses a secret encryption key in combination with an Initialization Vector (IV) to both encrypt and decrypt a message. The secret encryption key is a single value that you really want to keep secret. The initialization vector, on the other hand, should be changed with every encrypted message; its main purpose is to make two identical messages encrypt to two ciphertexts that look nothing alike, thereby preventing an attacker from being able to recognise repeating encrypted messages (even though the contents are still hidden).

That all being said, the initialization vector is NOT a secret, and it is often appended to the ciphertext (the encrypted message) for the receiver to get. If you are lucky, then the ciphertext that you have has its first 16 bytes being the IV, possibly BASE64 encoded with a : separator. If you don't have any ciphertext, then you should just pick any random value for the IV, making sure that the receiving party gets the IV as well to be able to decrypt the message.

PS: It is possible to brute force the 16-byte IV if you have an encrypted message together with the knowledge of what that message is, but the expected time to attempt these 3.4e38 options at 1000 attempts per ms with a billion computers will still be 1e16 years. When you're using a secure algorithm, it's just not feasible to crack it.

Upvotes: 0
