diglol/crypto

Why is AesCbc encrypted ciphertext prefixed with the IV?


Hi, I have a question about the implementation of AesCbc:
I see that the result of encryption is prefixed with the IV, and decryption, in turn, removes the IV when decrypting.

Is there a reason for this? The RFC and the usage examples of the Cipher don't do anything similar.

Even in the test vectors from https://datatracker.ietf.org/doc/html/rfc3602#section-4 the cipher does not include the IV, and the assertions you implemented need to modify the result to match the test vectors.

Thanks for that!

The purpose of this design is to facilitate encryption and decryption without requiring the user to understand the process of generating the IV (BTW, the IV also supports customization). It also refers to the design of Tink: AesSiv.java#L125, AesCtrJceCipher.java#L95 🍺