Question about crypto

Roy Smith roy at panix.com
Sun Aug 18 18:52:46 EDT 2013 

In article <mailman.6.1376863028.19984.python-list at python.org>,
 Anthony Papillion <papillion at gmail.com> wrote:

> I've just started working with the Crypto library and I've already run
> into a wall even though I'm following a tutorial. Basically, I'm trying
> to encrypt a string using AES in CBC mode. Here is the code:
> 
> from Crypto import AES

You don't say exactly what module you're using.  I'm assuming 
https://www.dlitz.net/software/pycrypto/api/current/, yes?

> import hashlib
> 
> text_to_encrypt = 'This is a super secret encrypted message, yo!'
> key = '0123456789abcdef'
> mode = AES.MODE_CBC
> encryptor = AES.new(key, mode)
> 
> ciphertext = encryptor.encrypt(text)
> 

There's a good explanation of CBC in Wikipedia:
 
http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher-block_
chaining_.28CBC.29

In a nutshell, AES-CBC works is to break the input up into 16-byte 
blocks.  Each 16-byte block of input plaintext is encrypted to yield a 
16-byte block of ciphertext.  This 16-byte ciphertext block is also fed 
forward into the encryption step for the next block.

The IV is just the feed-forward block used for the first step.  So, it 
has to be the same size as the cipher block (i.e. 16 bytes).

AES can have different length keys (128, 192, or 256 bits), but the size 
of the cipher block is always 256 bits.  This can get confusing because 
most people just use a 256 bit key and incorrectly assume that the key 
size and block size are somehow related.  They're not.  When you say:

> When I run the code above, I am told that the IV must be 16 bytes long.
> I'm assuming that the IV (I know that means "Initialization Vector") is
> either the key OR something else I can set.

you're making that mistake.  The key can't (in general) be used as the 
IV.  In this particular case, you happen to have picked a key length 
which is the same as the block length, but that's just coincidence.

What you need to do is pick a 16 byte (256 bit) IV.

> Does anyone see what is wrong with the code above and could suggest 
> ways to make it work? I've spent the last 45 minutes googling around 
> and nothing comes up specific to my problem.

45 minutes is nothing when trying to understand crypto :-)

I've never used this particular module, but from the docs, I think what 
you want to do is:

iv = "SpamSpamSpamSpam"
encryptor = AES.new(key, mode, iv)

Keep in mind that the receiver will need the iv to decrypt your message.

More information about the Python-list mailing list