views:

106

answers:

2

I am implementing a log-structured file system and want to encrypt a series of blocks by using the .NET Cryptography namespace. I've chosen the Aes symmetric encryption, created the key and the initial, random Initialization Vector.

So far so good, using the ICryptoTransform returned by SymmetricAlgorithm.CreateEncryptor() it is possible to encrypt the individual blocks.

To enable "random access" retrieval at decryption time, the intermediate initialization vectors need to be stored alongside the encrypted blocks.

But I can't see a way to extract the intermediate IVs? They must be stored in the instance that implements the encryption algorithm, but - as I can see - the current IV is not accessible.

Of course, this limitation can be circumvented by generating random IVs, or by misusing encrypted data to encrypt the next block in the chain. But this feels like a hack due to the fact that block chaining is supported in most of the symmetric algorithms which - as I assume - are just reusing the resulting vector from the previous block's encryption.

A: 

The IV must be known to the recipient of the encrypted information to be able to decrypt it. This can be ensured in a number of ways: by transmitting the IV along with the packet, by agreeing on it beforehand during the key exchange or the handshake, by calculating it (usually incrementally), or by measuring such parameters as current time (used in hardware authentication tokens such as RSA SecurID, VASCO Digipass, etc.), IDs such as sender's and/or recipient's address or ID, file ID, the packet, sector or cluster number, etc.

Mitch Wheat
Yes, the IVs are calculated incrementally for each block, but to store them they must be known. My question was how to retrieve them from the .NET API encryption algorithm.
Armin
+1  A: 

The CBC mode chains each block together by XORing the encryption of the previous block onto the plaintext block before encrypting. When encrypting the first block there is no previous block to use, so you provide an IV to use for the first block.

So what you call the "intermediate IV" is just the encryption of the previous block. No hack needed.

Rasmus Faber
+1: Many thanks. Your answer shows a deep understanding of the encryption process and totally clears the things up for me. Enlightening!!! :)
Armin
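As an added example (not code from the original post, nor part of the .NET framework itself), the chaining described in the answer above on the .NET Aes API: one CBC encryptor processes a constructed run of 16-byte blocks, and any block is then decrypted on its own with the previous ciphertext block as its IV. The class and method names are my own.

```csharp
using System;
using System.Security.Cryptography;

// Added example: CBC block chaining with System.Security.Cryptography.Aes.
// The "intermediate IV" of block i is simply ciphertext block i-1, so any
// block can be decrypted alone once the key and the original IV are known.
static class CbcRandomAccess
{
    const int BlockSize = 16; // AES block size in bytes

    // Encrypt `plain` (a multiple of 16 bytes) as one continuous CBC chain.
    static byte[] EncryptChain(Aes aes, byte[] plain)
    {
        var cipher = new byte[plain.Length];
        using ICryptoTransform enc = aes.CreateEncryptor(aes.Key, aes.IV);
        for (int off = 0; off < plain.Length; off += BlockSize)
            enc.TransformBlock(plain, off, BlockSize, cipher, off);
        return cipher;
    }

    // Decrypt block `index` by itself: its IV is the previous ciphertext
    // block, or the original IV for block 0.
    static byte[] DecryptBlock(Aes aes, byte[] cipher, int index)
    {
        var iv = new byte[BlockSize];
        if (index == 0) Buffer.BlockCopy(aes.IV, 0, iv, 0, BlockSize);
        else Buffer.BlockCopy(cipher, (index - 1) * BlockSize, iv, 0, BlockSize);
        var plain = new byte[BlockSize];
        using ICryptoTransform dec = aes.CreateDecryptor(aes.Key, iv);
        dec.TransformBlock(cipher, index * BlockSize, BlockSize, plain, 0);
        return plain;
    }

    static void Main()
    {
        using Aes aes = Aes.Create();
        aes.Mode = CipherMode.CBC;
        aes.Padding = PaddingMode.None; // whole blocks only; caller pads
        aes.GenerateKey(); aes.GenerateIV();

        // Constructed sample input: four blocks, each filled with its index.
        var plain = new byte[4 * BlockSize];
        for (int i = 0; i < plain.Length; i++) plain[i] = (byte)(i / BlockSize);

        byte[] cipher = EncryptChain(aes, plain);
        byte[] block2 = DecryptBlock(aes, cipher, 2); // random access to block 2
        Console.WriteLine(block2[0] == 2 ? "block 2 recovered" : "mismatch");
    }
}
```

CBC gives confidentiality only, so a block stored this way still needs a separate integrity check (for instance an HMAC over the ciphertext and its block number) before its decrypted content is trusted.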