initialization-vector

I'm trying to decrypt a base64 string which has been encrypted with aes256 in openssl. I was given the session key and IV, which were encrypted with my key. I converted them to hexadecimal so that I can use the following openssl command: openssl enc -d -aes256 -iv iv.hex -K sessionkey.hex -in message.b64 -out message.txt I get the error saying the IV is a non-hex value. I started out with IV and session key in base64, which was encrypted with my key. So I did the following: //convert base64 to binary openssl base64 -d -in iv.b64 -out iv.bin openssl base64 -d -in sessionkey.b64 -out sessionkey

I'm implementing and AES encryption engine for PBE in android, and I've found two ways to implement the creation of the IV and I would like to know which one is better and more secure for getting IvParameterSpec : Method #1: SecureRandom randomSecureRandom = SecureRandom.getInstance("SHA1PRNG"); byte[] iv = new byte[cipher.getBlockSize()]; randomSecureRandom.nextBytes(iv); IvParameterSpec ivParams = new IvParameterSpec(iv); Method #2: AlgorithmParameters params = cipher.getParameters(); byte[] iv2 = params.getParameterSpec(IvParameterSpec.class).getIV(); ivParams = new IvParameterSpec(iv2); I

I understand that unique IV is important in encrypting to prevent attacks like frequency analysis. The question: For AES CBC encryption, whats the importance of the IV? has a pretty clear answer explaining the importance of the IV. Would there be any security holes in sending the IV in clear text? Or would it need to be encrypted with the same public/private key that was used to send the symmetric key? If the IV needs to be sent encrypted, then why not generate a new symmetric key each time and consider the IV as part of the key? Is it that generating a symmetric key is too costly? Or is it to

I'm trying to implement AES in Java and this is the code I use: byte[] sessionKey = {00000000000000000000000000000000}; byte[] iv = {00000000000000000000000000000000}; byte[] plaintext = "6a84867cd77e12ad07ea1be895c53fa3".getBytes(); Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(sessionKey, "AES"), new IvParameterSpec(iv)); byte[] ciphertext = cipher.doFinal(plaintext); cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(sessionKey, "AES"), new IvParameterSpec(iv)); byte[] deciphertext = cipher.doFinal(ciphertext); I need this

Today I was doing some leisurely reading and stumbled upon Section 5.8 (on page 45) of Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography (Revised) (NIST Special Publication 800-56A) . I was very confused by this: An Approved key derivation function (KDF) shall be used to derive secret keying material from a shared secret. The output from a KDF shall only be used for secret keying material, such as a symmetric key used for data encryption or message integrity, a secret initialization vector, or a master key that will be used to generate other keys