3

I need to encrypt a block of data using AES-128-ECB and would like to do so with libsodium and Ruby. I have prototyped a solution in Ruby using OpenSSL APIs as shown below:

aes = OpenSSL::Cipher::Cipher.new("AES-128-ECB")
aes.encrypt
aes.key = key
aes.update(data) + aes.final

This works, but I need other features from libsodium, so I would like to use it instead and get rid of my dependency on OpenSSL. Unfortunately, I don't see any APIs for ECB mode. I am also using the ruby wrapper RbNaCl, but I don't even see any way to do this using the base libsodium APIs. I do see ones for AES-128-CTR.

Is it possible to encrypt AES-128-ECB with libsodium?

davidgyoung
  • 63,876
  • 14
  • 121
  • 204
  • I don't think you can, because libsodium seems to expose only AES-128-CTR as a primitive. If it would expose AES directly that it would be easy to implement it yourself. – Artjom B. Sep 01 '15 at 14:43

1 Answers1

8

libsodium intentionally doesn't support the ECB mode.

In this mode, the same block encrypted twice produces the same ciphertext twice.

A classic illustration of why this is terrible from a security perspective is the ECB penguin.

Instead of providing many primitives, modes and parameters to choose from, with many combinations actually being insecure, libsodium provides a cherry-picked set of secure constructions.

AES-ECB is not one of them, and will never be for the reasons stated above.

You really should switch to a different construction.

Frank Denis
  • 1,475
  • 9
  • 12
  • 3
    Thanks for the answer! Since your name appears on the license page of [libsodium](https://github.com/jedisct1/libsodium/blob/master/LICENSE), I'll assume you know what you are talking about. I certainly won't argue the merits of AES-ECB as it is not my choice. – davidgyoung Sep 02 '15 at 20:59