In article <mailman.6.1376863028.19984.python-l...@python.org>, Anthony Papillion <papill...@gmail.com> wrote:
> I've just started working with the Crypto library and I've already run > into a wall even though I'm following a tutorial. Basically, I'm trying > to encrypt a string using AES in CBC mode. Here is the code: > > from Crypto import AES You don't say exactly what module you're using. I'm assuming https://www.dlitz.net/software/pycrypto/api/current/, yes? > import hashlib > > text_to_encrypt = 'This is a super secret encrypted message, yo!' > key = '0123456789abcdef' > mode = AES.MODE_CBC > encryptor = AES.new(key, mode) > > ciphertext = encryptor.encrypt(text) > There's a good explanation of CBC in Wikipedia: http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher-block_ chaining_.28CBC.29 In a nutshell, AES-CBC works is to break the input up into 16-byte blocks. Each 16-byte block of input plaintext is encrypted to yield a 16-byte block of ciphertext. This 16-byte ciphertext block is also fed forward into the encryption step for the next block. The IV is just the feed-forward block used for the first step. So, it has to be the same size as the cipher block (i.e. 16 bytes). AES can have different length keys (128, 192, or 256 bits), but the size of the cipher block is always 256 bits. This can get confusing because most people just use a 256 bit key and incorrectly assume that the key size and block size are somehow related. They're not. When you say: > When I run the code above, I am told that the IV must be 16 bytes long. > I'm assuming that the IV (I know that means "Initialization Vector") is > either the key OR something else I can set. you're making that mistake. The key can't (in general) be used as the IV. In this particular case, you happen to have picked a key length which is the same as the block length, but that's just coincidence. What you need to do is pick a 16 byte (256 bit) IV. > Does anyone see what is wrong with the code above and could suggest > ways to make it work? I've spent the last 45 minutes googling around > and nothing comes up specific to my problem. 45 minutes is nothing when trying to understand crypto :-) I've never used this particular module, but from the docs, I think what you want to do is: iv = "SpamSpamSpamSpam" encryptor = AES.new(key, mode, iv) Keep in mind that the receiver will need the iv to decrypt your message. -- http://mail.python.org/mailman/listinfo/python-list
