
I have the requirement to synchronously encrypt a unique ID using AES on iOS / Objective-side; this is afterwards https-transported to a Java-System, where I need to decrypt it.

I am admittedly not an encryption expert. From what I read about the topic, an IV is needed to prevent identical encryption results for the first block and therefore make it harder to brute-force the encryption-result / cipher.

So in reverse this means by my understanding, that the IV is also needed to decrypt as well.

So the first question for my scenario is:

- How do I pass the IV to the decryption system? Is it safe to append it to the encrypted String in plain text?

- Wouldn't IV get obsolete if the beginning of the to-encrypt-text would be a dynamic Salt, i.e. timestamp? As far as I see it, this would result in something similar: the beginning of the encrypted message would never be the same despite the same or none IV?

Thanks a lot for your explanations...

Pete
  • If you're sending the ID over https then what you are doing is unnecessary. – Luke Joshua Park Jun 21 '18 at 08:40
  • Hi Thanks - and I guess you are right. Using https would be sufficient. As I am using GET the querystring parameter might be stored in local cache somewhere which is unlovely but not really an issue. And the proposed thread answers my first question perfectly. Nevertheless I am interested in the second question; is a salt at the beginning the same or at least similar as using IV? – Pete Jun 21 '18 at 08:51
  • No it's not. The vulnerabilities of using ECB are still present. Just use an IV, don't try and shortcut. They exist for a reason. – Luke Joshua Park Jun 21 '18 at 09:15
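
Both questions in one runnable sketch, added here as an illustration and not code posted by anyone in the thread: a timestamp prefix under ECB still leaves the ID block identical across messages, while a fresh random IV sent in the clear in front of the ciphertext does not, and the receiver simply splits it off again. Assumptions: AES-GCM is this example's choice of IV-based mode, the class name `IvDemo` is hypothetical, and the key, ID and timestamps are constructed sample values.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class IvDemo {
    // Constructed demo key; a real key comes from a key store, never from source code.
    static final SecretKeySpec KEY =
        new SecretKeySpec("0123456789abcdef".getBytes(StandardCharsets.US_ASCII), "AES");

    // No IV: every 16-byte block is encrypted independently of its neighbours.
    static byte[] ecb(String plain) throws Exception {
        Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, KEY);
        return c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
    }

    // Fresh random 12-byte IV per message, placed unencrypted in front of the ciphertext.
    static byte[] encrypt(String plain) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, KEY, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    // Receiver: read the IV from the first 12 bytes, then decrypt and verify the tag.
    static String decrypt(byte[] msg) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, KEY, new GCMParameterSpec(128, msg, 0, 12));
        return new String(c.doFinal(msg, 12, msg.length - 12), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        String id = "ID-0000000000042";            // constructed 16-byte ID
        byte[] a = ecb("2018-06-21T08:40" + id);   // constructed 16-byte timestamp prefix
        byte[] b = ecb("2018-06-21T08:51" + id);
        // Compare only the second block, which holds the ID in both messages.
        System.out.println("ECB ID blocks equal: " + Arrays.equals(
            Arrays.copyOfRange(a, 16, 32), Arrays.copyOfRange(b, 16, 32)));
        byte[] m1 = encrypt(id), m2 = encrypt(id);
        System.out.println("IV messages equal: " + Arrays.equals(m1, m2));
        System.out.println("decrypted: " + decrypt(m1));
    }
}
```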

0 Answers