AES share only the key (no salt or IV)












4















I have a requirement to encrypt with AES -symmetric- a string and then share the encrypted string with a client.



They know the key (we have communicated over the phone) and they should be able to decipher the encrypted string.



However the Java implementations I have found all require to share the salt (or IV) along with the encrypted document. This defeats the purpose of sharing only the cipher text and a symmetric key (before hand) if I somehow have to send the salt every time.



Am I understanding something wrong? Is there a way to share only the cipher text and the symmetric key?






java spring spring-boot encryption aes







share|improve this question























  • The IV does not have to be secret so you can share it along with the ciphertext. For more info check here: security.stackexchange.com/questions/17044/…

    – iakovos Gurulian
    Nov 21 '18 at 9:58











  • Can you explain why sending an IV is such an issue to you? It's not a secret value.

    – Luke Joshua Park
    Nov 21 '18 at 10:00











  • The IV is unique for each message, and thus logically follows the message. Usually you would incorporate the IV in the message, eg prefixing the encrypted message with it. The IV don't need to be secret, but it do need to be random.

    – Ebbe M. Pedersen
    Nov 21 '18 at 11:09











  • Because the client is a big company that cannot handle anything other than what they are expecting...

    – idipous
    Nov 21 '18 at 14:08











  • The client never has to handle or know of the existence of the IV -- only your software does.

    – James K Polk
    Nov 21 '18 at 14:51
















4















I have a requirement to encrypt with AES -symmetric- a string and then share the encrypted string with a client.



They know the key (we have communicated over the phone) and they should be able to decipher the encrypted string.



However the Java implementations I have found all require to share the salt (or IV) along with the encrypted document. This defeats the purpose of sharing only the cipher text and a symmetric key (before hand) if I somehow have to send the salt every time.



Am I understanding something wrong? Is there a way to share only the cipher text and the symmetric key?






java spring spring-boot encryption aes







share|improve this question























  • The IV does not have to be secret so you can share it along with the ciphertext. For more info check here: security.stackexchange.com/questions/17044/…

    – iakovos Gurulian
    Nov 21 '18 at 9:58











  • Can you explain why sending an IV is such an issue to you? It's not a secret value.

    – Luke Joshua Park
    Nov 21 '18 at 10:00











  • The IV is unique for each message, and thus logically follows the message. Usually you would incorporate the IV in the message, eg prefixing the encrypted message with it. The IV don't need to be secret, but it do need to be random.

    – Ebbe M. Pedersen
    Nov 21 '18 at 11:09











  • Because the client is a big company that cannot handle anything other than what they are expecting...

    – idipous
    Nov 21 '18 at 14:08











  • The client never has to handle or know of the existence of the IV -- only your software does.

    – James K Polk
    Nov 21 '18 at 14:51














4












4








4








I have a requirement to encrypt with AES -symmetric- a string and then share the encrypted string with a client.



They know the key (we have communicated over the phone) and they should be able to decipher the encrypted string.



However the Java implementations I have found all require to share the salt (or IV) along with the encrypted document. This defeats the purpose of sharing only the cipher text and a symmetric key (before hand) if I somehow have to send the salt every time.



Am I understanding something wrong? Is there a way to share only the cipher text and the symmetric key?






java spring spring-boot encryption aes







share|improve this question














I have a requirement to encrypt with AES -symmetric- a string and then share the encrypted string with a client.



They know the key (we have communicated over the phone) and they should be able to decipher the encrypted string.



However the Java implementations I have found all require to share the salt (or IV) along with the encrypted document. This defeats the purpose of sharing only the cipher text and a symmetric key (before hand) if I somehow have to send the salt every time.



Am I understanding something wrong? Is there a way to share only the cipher text and the symmetric key?






java spring spring-boot encryption aes




java spring spring-boot encryption aes






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Nov 21 '18 at 9:43









idipousidipous

2,16411929




2,16411929













  • The IV does not have to be secret so you can share it along with the ciphertext. For more info check here: security.stackexchange.com/questions/17044/…

    – iakovos Gurulian
    Nov 21 '18 at 9:58











  • Can you explain why sending an IV is such an issue to you? It's not a secret value.

    – Luke Joshua Park
    Nov 21 '18 at 10:00











  • The IV is unique for each message, and thus logically follows the message. Usually you would incorporate the IV in the message, eg prefixing the encrypted message with it. The IV don't need to be secret, but it do need to be random.

    – Ebbe M. Pedersen
    Nov 21 '18 at 11:09











  • Because the client is a big company that cannot handle anything other than what they are expecting...

    – idipous
    Nov 21 '18 at 14:08











  • The client never has to handle or know of the existence of the IV -- only your software does.

    – James K Polk
    Nov 21 '18 at 14:51



















  • The IV does not have to be secret so you can share it along with the ciphertext. For more info check here: security.stackexchange.com/questions/17044/…

    – iakovos Gurulian
    Nov 21 '18 at 9:58











  • Can you explain why sending an IV is such an issue to you? It's not a secret value.

    – Luke Joshua Park
    Nov 21 '18 at 10:00











  • The IV is unique for each message, and thus logically follows the message. Usually you would incorporate the IV in the message, eg prefixing the encrypted message with it. The IV don't need to be secret, but it do need to be random.

    – Ebbe M. Pedersen
    Nov 21 '18 at 11:09











  • Because the client is a big company that cannot handle anything other than what they are expecting...

    – idipous
    Nov 21 '18 at 14:08











  • The client never has to handle or know of the existence of the IV -- only your software does.

    – James K Polk
    Nov 21 '18 at 14:51

















The IV does not have to be secret so you can share it along with the ciphertext. For more info check here: security.stackexchange.com/questions/17044/…

– iakovos Gurulian
Nov 21 '18 at 9:58





The IV does not have to be secret so you can share it along with the ciphertext. For more info check here: security.stackexchange.com/questions/17044/…

– iakovos Gurulian
Nov 21 '18 at 9:58













Can you explain why sending an IV is such an issue to you? It's not a secret value.

– Luke Joshua Park
Nov 21 '18 at 10:00





Can you explain why sending an IV is such an issue to you? It's not a secret value.

– Luke Joshua Park
Nov 21 '18 at 10:00













The IV is unique for each message, and thus logically follows the message. Usually you would incorporate the IV in the message, eg prefixing the encrypted message with it. The IV don't need to be secret, but it do need to be random.

– Ebbe M. Pedersen
Nov 21 '18 at 11:09





The IV is unique for each message, and thus logically follows the message. Usually you would incorporate the IV in the message, eg prefixing the encrypted message with it. The IV don't need to be secret, but it do need to be random.

– Ebbe M. Pedersen
Nov 21 '18 at 11:09













Because the client is a big company that cannot handle anything other than what they are expecting...

– idipous
Nov 21 '18 at 14:08





Because the client is a big company that cannot handle anything other than what they are expecting...

– idipous
Nov 21 '18 at 14:08













The client never has to handle or know of the existence of the IV -- only your software does.

– James K Polk
Nov 21 '18 at 14:51





The client never has to handle or know of the existence of the IV -- only your software does.

– James K Polk
Nov 21 '18 at 14:51












2 Answers
2






active

oldest

votes


















2














The purpose of the IV in encryption is randomization. If you use ECB mode of operation, it can leak information about the ciphertexts that are encrypted under the same key. See the famous penguin in Wikipedia mode of operations.



E(k,m) = E(k,m') iff m=m'


The modern modes of operation use IV, as AES-GCM which is in TLS 1.3 cipher suites.



You should tell the big company about the danger. I'm pretty sure that they can easily adapt to your case very easily.



Note: ECB mode can only be safe, if




  • your data is always different (no pattern)

  • you generate a new key for every encryption with a key agreement protocol as Diffie-Hellman key exchange, and this is not your case.






share|improve this answer































    2














    Usually the IV is shared by appending it to the cipher text. So, eventually you are sending a single Base64 encoded string.



    So, if you are worried about breaking a contract by sending two fields (one IV and one cipher text) instead of sending just one field, let me assure you that you're going to send a single field only. And the decryption logic knows how to extract the IV from the received string and use it in the decryption process.



    Note that there are some key distinctions between IV and key:




    • Key is a secret, IV is not

    • Many messages can be encrypted with the same key, but IV is different for every new message. The key and IV combination has to be unique for every message and the IV also has to be random


    Therefore, you do not share IV the same way as key. Since IV changes for every message, it is actually appended with the cipher text to form a single string which is then sent as the encrypted output. So, the decryption logic takes as input only the key and your encrypted output; it knows how to extract the IV and the cipher text from the encrypted output.



    On today's date if anyone needs to encrypt something using AES, the usual choice is an authenticated encryption mode like GCM which provides not only confidentiality but also integrity in a secured way.



    Unless the recipient (in your case) is rigidly specifying a particular mode for AES, the default choice would always be AES with GCM. And even if the recipient proposes some mode that is not an authenticated encryption mode, you may consider explaining to them the benefits of using authenticated encryption mode.



    You'll find a complete java implementation with detailed explanation here.



    You may also want to read this along with the comments to understand it better.






    share|improve this answer

























      Your Answer






      StackExchange.ifUsing("editor", function () {
      StackExchange.using("externalEditor", function () {
      StackExchange.using("snippets", function () {
      StackExchange.snippets.init();
      });
      });
      }, "code-snippets");

      StackExchange.ready(function() {
      var channelOptions = {
      tags: "".split(" "),
      id: "1"
      };
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function() {
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled) {
      StackExchange.using("snippets", function() {
      createEditor();
      });
      }
      else {
      createEditor();
      }
      });

      function createEditor() {
      StackExchange.prepareEditor({
      heartbeatType: 'answer',
      autoActivateHeartbeat: false,
      convertImagesToLinks: true,
      noModals: true,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: 10,
      bindNavPrevention: true,
      postfix: "",
      imageUploader: {
      brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
      contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
      allowUrls: true
      },
      onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      });


      }
      });














      draft saved

      draft discarded


















      StackExchange.ready(
      function () {
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53409163%2faes-share-only-the-key-no-salt-or-iv%23new-answer', 'question_page');
      }
      );

      Post as a guest















      Required, but never shown

























      2 Answers
      2






      active

      oldest

      votes








      2 Answers
      2






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes









      2














      The purpose of the IV in encryption is randomization. If you use ECB mode of operation, it can leak information about the ciphertexts that are encrypted under the same key. See the famous penguin in Wikipedia mode of operations.



      E(k,m) = E(k,m') iff m=m'


      The modern modes of operation use IV, as AES-GCM which is in TLS 1.3 cipher suites.



      You should tell the big company about the danger. I'm pretty sure that they can easily adapt to your case very easily.



      Note: ECB mode can only be safe, if




      • your data is always different (no pattern)

      • you generate a new key for every encryption with a key agreement protocol as Diffie-Hellman key exchange, and this is not your case.






      share|improve this answer




























        2














        The purpose of the IV in encryption is randomization. If you use ECB mode of operation, it can leak information about the ciphertexts that are encrypted under the same key. See the famous penguin in Wikipedia mode of operations.



        E(k,m) = E(k,m') iff m=m'


        The modern modes of operation use IV, as AES-GCM which is in TLS 1.3 cipher suites.



        You should tell the big company about the danger. I'm pretty sure that they can easily adapt to your case very easily.



        Note: ECB mode can only be safe, if




        • your data is always different (no pattern)

        • you generate a new key for every encryption with a key agreement protocol as Diffie-Hellman key exchange, and this is not your case.






        share|improve this answer


























          2












          2








          2







          The purpose of the IV in encryption is randomization. If you use ECB mode of operation, it can leak information about the ciphertexts that are encrypted under the same key. See the famous penguin in Wikipedia mode of operations.



          E(k,m) = E(k,m') iff m=m'


          The modern modes of operation use IV, as AES-GCM which is in TLS 1.3 cipher suites.



          You should tell the big company about the danger. I'm pretty sure that they can easily adapt to your case very easily.



          Note: ECB mode can only be safe, if




          • your data is always different (no pattern)

          • you generate a new key for every encryption with a key agreement protocol as Diffie-Hellman key exchange, and this is not your case.






          share|improve this answer













          The purpose of the IV in encryption is randomization. If you use ECB mode of operation, it can leak information about the ciphertexts that are encrypted under the same key. See the famous penguin in Wikipedia mode of operations.



          E(k,m) = E(k,m') iff m=m'


          The modern modes of operation use IV, as AES-GCM which is in TLS 1.3 cipher suites.



          You should tell the big company about the danger. I'm pretty sure that they can easily adapt to your case very easily.



          Note: ECB mode can only be safe, if




          • your data is always different (no pattern)

          • you generate a new key for every encryption with a key agreement protocol as Diffie-Hellman key exchange, and this is not your case.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Nov 21 '18 at 14:45









          kelalakakelalaka

          1,49211120




          1,49211120

























              2














              Usually the IV is shared by appending it to the cipher text. So, eventually you are sending a single Base64 encoded string.



              So, if you are worried about breaking a contract by sending two fields (one IV and one cipher text) instead of sending just one field, let me assure you that you're going to send a single field only. And the decryption logic knows how to extract the IV from the received string and use it in the decryption process.



              Note that there are some key distinctions between IV and key:




              • Key is a secret, IV is not

              • Many messages can be encrypted with the same key, but IV is different for every new message. The key and IV combination has to be unique for every message and the IV also has to be random


              Therefore, you do not share IV the same way as key. Since IV changes for every message, it is actually appended with the cipher text to form a single string which is then sent as the encrypted output. So, the decryption logic takes as input only the key and your encrypted output; it knows how to extract the IV and the cipher text from the encrypted output.



              On today's date if anyone needs to encrypt something using AES, the usual choice is an authenticated encryption mode like GCM which provides not only confidentiality but also integrity in a secured way.



              Unless the recipient (in your case) is rigidly specifying a particular mode for AES, the default choice would always be AES with GCM. And even if the recipient proposes some mode that is not an authenticated encryption mode, you may consider explaining to them the benefits of using authenticated encryption mode.



              You'll find a complete java implementation with detailed explanation here.



              You may also want to read this along with the comments to understand it better.






              share|improve this answer






























                2














                Usually the IV is shared by appending it to the cipher text. So, eventually you are sending a single Base64 encoded string.



                So, if you are worried about breaking a contract by sending two fields (one IV and one cipher text) instead of sending just one field, let me assure you that you're going to send a single field only. And the decryption logic knows how to extract the IV from the received string and use it in the decryption process.



                Note that there are some key distinctions between IV and key:




                • Key is a secret, IV is not

                • Many messages can be encrypted with the same key, but IV is different for every new message. The key and IV combination has to be unique for every message and the IV also has to be random


                Therefore, you do not share IV the same way as key. Since IV changes for every message, it is actually appended with the cipher text to form a single string which is then sent as the encrypted output. So, the decryption logic takes as input only the key and your encrypted output; it knows how to extract the IV and the cipher text from the encrypted output.



                On today's date if anyone needs to encrypt something using AES, the usual choice is an authenticated encryption mode like GCM which provides not only confidentiality but also integrity in a secured way.



                Unless the recipient (in your case) is rigidly specifying a particular mode for AES, the default choice would always be AES with GCM. And even if the recipient proposes some mode that is not an authenticated encryption mode, you may consider explaining to them the benefits of using authenticated encryption mode.



                You'll find a complete java implementation with detailed explanation here.



                You may also want to read this along with the comments to understand it better.






                share|improve this answer




























                  2












                  2








                  2







                  Usually the IV is shared by appending it to the cipher text. So, eventually you are sending a single Base64 encoded string.



                  So, if you are worried about breaking a contract by sending two fields (one IV and one cipher text) instead of sending just one field, let me assure you that you're going to send a single field only. And the decryption logic knows how to extract the IV from the received string and use it in the decryption process.



                  Note that there are some key distinctions between IV and key:




                  • Key is a secret, IV is not

                  • Many messages can be encrypted with the same key, but IV is different for every new message. The key and IV combination has to be unique for every message and the IV also has to be random


                  Therefore, you do not share IV the same way as key. Since IV changes for every message, it is actually appended with the cipher text to form a single string which is then sent as the encrypted output. So, the decryption logic takes as input only the key and your encrypted output; it knows how to extract the IV and the cipher text from the encrypted output.



                  On today's date if anyone needs to encrypt something using AES, the usual choice is an authenticated encryption mode like GCM which provides not only confidentiality but also integrity in a secured way.



                  Unless the recipient (in your case) is rigidly specifying a particular mode for AES, the default choice would always be AES with GCM. And even if the recipient proposes some mode that is not an authenticated encryption mode, you may consider explaining to them the benefits of using authenticated encryption mode.



                  You'll find a complete java implementation with detailed explanation here.



                  You may also want to read this along with the comments to understand it better.






                  share|improve this answer















                  Usually the IV is shared by appending it to the cipher text. So, eventually you are sending a single Base64 encoded string.



                  So, if you are worried about breaking a contract by sending two fields (one IV and one cipher text) instead of sending just one field, let me assure you that you're going to send a single field only. And the decryption logic knows how to extract the IV from the received string and use it in the decryption process.



                  Note that there are some key distinctions between IV and key:




                  • Key is a secret, IV is not

                  • Many messages can be encrypted with the same key, but IV is different for every new message. The key and IV combination has to be unique for every message and the IV also has to be random


                  Therefore, you do not share IV the same way as key. Since IV changes for every message, it is actually appended with the cipher text to form a single string which is then sent as the encrypted output. So, the decryption logic takes as input only the key and your encrypted output; it knows how to extract the IV and the cipher text from the encrypted output.



                  On today's date if anyone needs to encrypt something using AES, the usual choice is an authenticated encryption mode like GCM which provides not only confidentiality but also integrity in a secured way.



                  Unless the recipient (in your case) is rigidly specifying a particular mode for AES, the default choice would always be AES with GCM. And even if the recipient proposes some mode that is not an authenticated encryption mode, you may consider explaining to them the benefits of using authenticated encryption mode.



                  You'll find a complete java implementation with detailed explanation here.



                  You may also want to read this along with the comments to understand it better.







                  share|improve this answer














                  share|improve this answer



                  share|improve this answer








                  edited Nov 22 '18 at 14:56

























                  answered Nov 21 '18 at 15:14









                  Saptarshi BasuSaptarshi Basu

                  1,49811325




                  1,49811325






























                      draft saved

                      draft discarded




















































                      Thanks for contributing an answer to Stack Overflow!


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid



                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.


                      To learn more, see our tips on writing great answers.




                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function () {
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53409163%2faes-share-only-the-key-no-salt-or-iv%23new-answer', 'question_page');
                      }
                      );

                      Post as a guest















                      Required, but never shown





















































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown

































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown







                      -

                      Popular posts from this blog

                      "Incorrect syntax near the keyword 'ON'. (on update cascade, on delete cascade,)

                      Image
                      .everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box; } 2 total noob sorry any help greatly appreciated. I keep getting this "Incorrect syntax near the keyword 'ON'." heres my codes code one CREATE TABLE supplier ( supplierID INT PRIMARY KEY, ISBN INT FOREIGN KEY REFERENCES book(ISBN), price DECIMAL (5,2), ON UPDATE CASCADE, ON DELETE CASCADE, ); code two CREATE TABLE orders ( orderID INT PRIMARY KEY, customerID INT FOREIGN KEY REFERENCES customer(customerID), ISBN INT FOREIGN KEY REFERENCES book(ISBN), orderDate date, ON UPDATE CASCADE, ON DELETE CASCADE, ); Ive run out of stuff to try other than dumbing it down to uselessness.
                      Read more

                      Alcedinidae

                      Image
                      Alcedinidae Martin-pêcheur à dos bleu ( Alcedo azurea ) Classification (COI) Règne Animalia Embranchement Chordata Sous-embr. Vertebrata Classe Aves Ordre Coraciiformes Famille Alcedinidae Rafinesque, 1815 Les Alcédinidés ou Alcedinidae forment une famille d'oiseaux plus connus sous les noms de martins-pêcheurs et martins-chasseurs. Sommaire 1 Description 2 Répartition et habitat 3 Systématique 3.1 Liste alphabétique des genres 3.2 Liste des espèces 4 Chez les Anciens : l'alcyon 4.1 Étymologie (Littré) 4.2 Oiseau « fabuleux » ? 5 Notes 6 Articles connexes 7 Liens externes 7.1 Bibliographie Description | Ce sont des oiseaux compacts de taille petite à moyenne (10 à 46 cm), au bec droit et long, en forme de poignard. Leurs pattes sont courtes, et ils portent un plumage aux couleurs vives. Répartition et habitat | Cosmopolites, ils fréquentent surtout
                      Read more

                      RAC Tourist Trophy

                      Image
                      Pour les articles homonymes, voir Tourist Trophy. Le RAC Tourist Trophy est une course automobile organisée par le Royal Automobile Club d'Angleterre. Créée en 1905, cette course a fait partie des épreuves comptant pour le championnat du monde des voitures de sport entre 1953 et 1955, en 1958 et 1959, et entre 1962 et 1965. Après une interruption de 17 ans (l'épreuve s'arrête après 1988), le RAC Tourist Trophy reprend en 2005 sous l'égide de la FIA GT. Palmarès | John Napier sur Arrol-Johnston, vainqueur du premier RAC Tourist Trophy, en 1905. L'honorable C.S. Rolls, vainqueur du RAC Tourist Trophy 1906. Ernest Curtis, sur Rover 20 hp, vainqueur du RAC Tourist Trophy 1907. William Watson, vainqueur du RAC Tourist Trophy 1908. Kenelm Lee Guinness, vainqueur du RAC Tourist Trophy 1914 sur Sunbeam. Départ du RAC Tourist Trophy 1928. Louis Gérard, vainqueur du RAC Tourist Trophy 1938 sur Delage. Année Circuit Vainqueur
                      Read more