0
     As an example, encryption can be done as follows:

    >>> from Crypto.Cipher import AES
    >>> from Crypto import Random
    >>>
    >>> key = b'Sixteen byte key'
    >>> iv = Random.new().read(AES.block_size)
    >>> cipher = AES.new(key, AES.MODE_CFB, iv)
    >>> msg = iv + cipher.encrypt(b'Attack at dawn')

when i execute 'msg' out on the interpreter i receive 

    b'D\x9e\nRF\xb9\xe3\xa0%vN\xe8bC\xe7\r8\xec\xae\x84\x9b\xf9\x11\xdc\xdf\xcb\xf4\xfev\x9b'

i understand that this is the 'key' variable being the 'Sixteen byte key' in byte form.

Now that the 'msg' is encrypted what can I do to decrypt this message?

OneCricketeer
  • 179,855
  • 19
  • 132
  • 245
VeganxEdge
  • 3
  • 2
  • You continue reading the examples to `decrypt`? – OneCricketeer Apr 26 '17 at 01:47
  • i did but then became a tad bit confused. this is what follows on the doc. – VeganxEdge Apr 26 '17 at 01:51
  • Seems to clear to me... You use the same key and the encrypted message. – OneCricketeer Apr 26 '17 at 01:53
  • You didn't just encrypt the message, though, you added `iv`, thereby salting the message. You'd need a way to extract that randomly generated `iv` – OneCricketeer Apr 26 '17 at 01:55
  • thank you for your time. i need to re read to docs. lol. – VeganxEdge Apr 26 '17 at 01:58
  • @cricket_007 An IV is most definitely not a salt. And you can't "extract" an IV from ciphertext unless the ciphertext had the IV appended. – Luke Joshua Park Apr 26 '17 at 01:58
  • question: the 'iv' variable randomizes the key correct? – VeganxEdge Apr 26 '17 at 02:00
  • @Luke Is salt not just a generic verb in crypto? Rephrase: I didn't say it was a salt, but the message was salted – OneCricketeer Apr 26 '17 at 02:01
  • @VeganxEdge Nope. See [here](https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation). – Luke Joshua Park Apr 26 '17 at 02:01
  • @cricket_007 Nope, it isn't that generic. Salting is when you append or prepend information before hashing, the information itself is a salt. The IV is not prepended or appended to the plaintext. A number of different things could happen depending on the Block Mode but the IV is never a salt. – Luke Joshua Park Apr 26 '17 at 02:03
  • @Luke so you're saying that `iv + cipher.encrypt` is correct? The IV should not only be used as the last parameter to the AES? That's what I referred to... The `iv +` – OneCricketeer Apr 26 '17 at 02:05
  • 2
    @cricket_007 I'm not completely sure what you are asking... but when you encrypt with an IV, you don't append the IV to the plaintext, therefore, it is not a salt. However, it is common practice to append or prepend to the **ciphertext**. But since this is the final result, it still isn't a salt. Does that make more sense? – Luke Joshua Park Apr 26 '17 at 02:06

0 Answers0