C# AES Encryption - Stream mode to automatically prepend IV
Question
According to a comment on This Answer from GregS, the IV should be prepended to AES encrypted data (Assuming I'm reading it right):
Put it before the cipher. That way you can have decrypt in streaming mode.
It sounds to me like GregS is suggesting there's a streaming mode that will automatically prepend/parse the IV used in encryption.
Is this true?
I am currently manually prepending my IV to encrypted data and manually splitting ciphers into IV and data before decrypting. Is there a method to do this automatically?
For Reference:
Here's what I'm doing right now:
The Encrypt Method:
public byte[] Encrypt(byte[] data)
{
// Generate IV
var iv = new byte[BlockSize/8];
new Random().NextBytes(iv);
byte[] cipher = // encryption happens here
// Prepend IV to Cipher
var saltedCipher = new byte[iv.Length + cipher.Length];
Buffer.BlockCopy(iv, 0, saltedCipher, 0, iv.Length);
Buffer.BlockCopy(cipher, 0, saltedCipher, iv.Length, cipher.Length);
return saltedCipher;
}
The Decrypt Method:
public byte[] Decrypt(byte[] saltedCipher)
{
// Split saltedCipher into iv and cipher
var iv = new byte[BlockSize/8];
var cipher = new byte[saltedCipher.Length - iv.Length];
Buffer.BlockCopy(buffer, 0, iv, 0, iv.Length);
Buffer.BlockCopy(buffer, iv.Length, cipher, 0, cipher.Length);
byte[] data = // decryption happens here
return data;
}
1 answers
solution1
3 ACCPTED 2014-07-25 19:26:14
Using only the methods built in to the .NET framework, there is no way I know of that automatically prepends the data. There are many 3rd party libraries that will handle this for you, but the libraries in the System.Security.Cryptography do not by default.
Often when you are encrypting information you will have a header that contains all of the relevant information you need to know about the file before you decrypt it, what that information is varies wildly based on the needs of the software. For your simple example your header is just
╔════════════════╦══════════════╦═══════════════════╦═════════════╗ ║ Offset (bytes) ║ Size (bytes) ║ Encryption Status ║ Description ║ ╠════════════════╬══════════════╬═══════════════════╬═════════════╣ ║ 0 ║ BlockSize/8 ║ Unencrypted ║ IV ║ ║ BlockSize/8 ║ Var. ║ Encrypted ║ Data Area ║ ╚════════════════╩══════════════╩═══════════════════╩═════════════╝
And that is all you need, because you are (I am assuming) a fixed block size you don't need any extra information like the IV length, or any metadata about the file.
Compare that to a more complicated file, like a TrueCrypt container ( The original site does not exist anymore with the spec, but I found this mirror )
╔════════════════╦══════════════╦════════════════════════════╦══════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Offset (bytes) ║ Size (bytes) ║ Encryption Status ║ Description ║ ╠════════════════╬══════════════╬════════════════════════════╬══════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╣ ║ 0 ║ 64 ║ Unencrypted§ ║ Salt ║ ║ 64 ║ 4 ║ Encrypted ║ ASCII string "TRUE" ║ ║ 68 ║ 2 ║ Encrypted ║ Volume header format version (5) ║ ║ 70 ║ 2 ║ Encrypted ║ Minimum program version required to open the volume ║ ║ 72 ║ 4 ║ Encrypted ║ CRC-32 checksum of the (decrypted) bytes 256-511 ║ ║ 76 ║ 16 ║ Encrypted ║ Reserved (must contain zeroes) ║ ║ 92 ║ 8 ║ Encrypted ║ Size of hidden volume (set to zero in non-hidden volumes) ║ ║ 100 ║ 8 ║ Encrypted ║ Size of volume ║ ║ 108 ║ 8 ║ Encrypted ║ Byte offset of the start of the master key scope ║ ║ 116 ║ 8 ║ Encrypted ║ Size of the encrypted area within the master key scope ║ ║ 124 ║ 4 ║ Encrypted ║ Flag bits (bit 0 set: system encryption; bit 1 set: non-system in-place-encrypted/decrypted volume; bits 2–31 are reserved) ║ ║ 128 ║ 4 ║ Encrypted ║ Sector size (in bytes) ║ ║ 132 ║ 120 ║ Encrypted ║ Reserved (must contain zeroes) ║ ║ 252 ║ 4 ║ Encrypted ║ CRC-32 checksum of the (decrypted) bytes 64-251 ║ ║ 256 ║ Var. ║ Encrypted ║ Concatenated primary and secondary master keys** ║ ║ 512 ║ 65024 ║ Encrypted ║ Reserved (for system encryption, this item is omitted‡‡) ║ ║ 65536 ║ 65536 ║ Encrypted / Unencrypted§ ║ Area for hidden volume header (if there is no hidden volume within the volume, this area contains random data††). For system encryption, this item is omitted.‡‡ See bytes 0–65535. ║ ║ 131072 ║ Var. ║ Encrypted ║ Data area (master key scope). For system encryption, offset may be different (depending on offset of system partition). ║ ║ S-131072‡ ║ 65536 ║ Encrypted / Unencrypted§ ║ Backup header (encrypted with a different header key derived using a different salt). For system encryption, this item is omitted.‡‡ See bytes 0–65535. ║ ║ S-65536‡ ║ 65536 ║ Encrypted / Unencrypted§ ║ Backup header for hidden volume (encrypted with a different header key derived using a different salt). If there is no hidden volume within the volume, this area contains random data.†† For system encryption, this item is omitted.‡‡ See bytes 0–65535. ║ ╚════════════════╩══════════════╩════════════════════════════╩══════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ * Provided that the options Quick Format and Dynamic are disabled and provided that the volume does not contain a filesystem that has been encrypted in place (note that TrueCrypt does not allow the user to create a hidden volume within such a volume). † The encrypted areas of the volume header are encrypted in XTS mode using the primary and secondary header keys. For more information, see the section Encryption Scheme and the section Header Key Derivation, Salt, and Iteration Count. ‡ S denotes the size of the volume host (in bytes). § Note that the salt does not need to be encrypted, as it does not have to be kept secret [7] (salt is a sequence of random values). ** Multiple concatenated master keys are stored here when the volume is encrypted using a cascade of ciphers (secondary master keys are used for XTS mode). †† See above in this section for information on the method used to fill free volume space with random data when the volume is created. ‡‡ Here, the meaning of "system encryption" does not include a hidden volume containing a hidden operating system.
So because the needs of a header can vary so much the .NET framework leaves it to the developer to design their own.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.