1

Recently I inherit an legacy source code where previous developer use the 128 Bits AES encryption with a 20 bytes key.

We cannot find a counter part implementation in other platform(Where we cannot decrypt the encrypted string using other platform's AES library), is it possible to expose the internal logic for how the 20 bytes key can be converted to 16 bytes key?

The system has deployed for quite a time, it is very troublesome to update all the users' local key.

Xue Liangliang
  • 473
  • 4
  • 6

1 Answers1

2

AES supports only 128, 192 and 256-bit keys. The two most likely scenarios are either

  1. the 160-bit are sliced so that only the first 128-bit are used for the key or
  2. the 160-bit are padded with zero bytes (\0) to get either a 192-bit or a 256-bit key.

And the winner is: pad the 20-byte key with 4 zero bytes (\0) to get the proper key to be compatible with other AES implementations.

Artjom B.
  • 61,146
  • 24
  • 125
  • 222
  • Thanks, the option 2 with 192-bit actually works. Previously I padded wrong number of \0 , I tried both options before. But anyway thanks, and hope it can help others as well. – Xue Liangliang Jan 24 '15 at 12:11