Archived Forum Post

Index of archived forum posts

Question:

AES CBC Mode not according to NIST?

Aug 04 '14 at 00:34

Hi, I am using Chilkat library for academic purpose. I am using the Library for Cryptographic Operations. The AES ECB mode worked perfectly and whoa! thanks a lot. The code for AES CBC mode is not according to NIST? The output vector doesn't match the output vector as per NIST. I would be grateful if you could show me the code that will help me work perfectly with NIST vectors for AES CBC mode.

Thanks a lot.


Answer

Chilkat's implementation of AES (CBC mode) is used for communication in both the SSH and SSL/TLS protocols, as well as in the Zip file format. If it was somehow incorrect, then none of it would work. I'm more inclined to believe that you're not quite doing something correctly in your test program.


Answer

I am sorry, I didn't mean it was incorrect but my query is whether the source code that is being given on the website for AES_CBC_256 mode is according to NIST or not. I have used the same source code that is given on the website:

import com.chilkatsoft.*;

public class ChilkatExample {

static { try { System.loadLibrary("chilkat"); } catch (UnsatisfiedLinkError e) { System.err.println("Native code library failed to load.n" + e); System.exit(1); } }

public static void main(String argv[]) { CkCrypt2 crypt = new CkCrypt2();

boolean success;
success = crypt.UnlockComponent("Anything for 30-day trial");
if (success != true) {
    System.out.println(crypt.lastErrorText());
    return;
}

//  AES is also known as Rijndael.
crypt.put_CryptAlgorithm("aes");

//  CipherMode may be "ecb" or "cbc"
crypt.put_CipherMode("cbc");

//  KeyLength may be 128, 192, 256
crypt.put_KeyLength(256);

//  The padding scheme determines the contents of the bytes
//  that are added to pad the result to a multiple of the
//  encryption algorithm's block size.  AES has a block
//  size of 16 bytes, so encrypted output is always
//  a multiple of 16.
crypt.put_PaddingScheme(0);

//  EncodingMode specifies the encoding of the output for
//  encryption, and the input for decryption.
//  It may be "hex", "url", "base64", or "quoted-printable".
crypt.put_EncodingMode("hex");

//  An initialization vector is required if using CBC mode.
//  ECB mode does not use an IV.
//  The length of the IV is equal to the algorithm's block size.
//  It is NOT equal to the length of the key.
String ivHex;
ivHex = "000102030405060708090A0B0C0D0E0F";
crypt.SetEncodedIV(ivHex,"hex");

//  The secret key must equal the size of the key.  For
//  256-bit encryption, the binary secret key is 32 bytes.
//  For 128-bit encryption, the binary secret key is 16 bytes.
String keyHex;
keyHex = "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F";
crypt.SetEncodedKey(keyHex,"hex");

//  Encrypt a string...
//  The input string is 44 ANSI characters (i.e. 44 bytes), so
//  the output should be 48 bytes (a multiple of 16).
//  Because the output is a hex string, it should
//  be 96 characters long (2 chars per byte).
String encStr;
encStr = crypt.encryptStringENC("The quick brown fox jumps over the lazy dog.");
System.out.println(encStr);

//  Now decrypt:
String decStr;
decStr = crypt.decryptStringENC(encStr);
System.out.println(decStr);

} }