Archived Forum Post

Index of archived forum posts


Does the Chilkat library create an IV when one isn't provided?

Feb 10 '16 at 14:20

From what i can tell the AES encryption requires an IV to be set. However, chilkat does not require an IV. When I use AES encryption with the Chilkat library how does the software handle this? Is there an algorithm to generate the IV when it is not provided?

The Chilkat library absolutely won't run in Azure despite limited responses from Azure staff and Chilkat staff on this matter. I must find a way to decrypt our data manually for clients using Cloud Services. Based on my research (limited to be honest) there is an incompatibility between .net decryption and the chilkat implementation based on the IV value. .Net requires an IV and our Chilkat does not. I have inspected the value of the IV just before encryption and it is byte[0], which will throw an error when trying to write my own decyption method in .net.

Can you please share how this IV is being used in Chilkat OR where my deficiency is in understanding this process?

Accepted Answer

It is the cipher mode (CipherMode property) that determines whether an IV is required or not. For example, AES in ECB cipher mode does NOT require an IV. AES in CBC cipher mode DOES require an IV.

If you forget to explicitly provide an IV in CBC mode, then a default all-zero IV is used. (i.e. 16 bytes each of which has the value 0x00)