1

I need to encrypt with AES-256, but I ALSO need a key size LARGER than 32 bytes. I have a function that takes text, a key, and an IV, and returns the encrypted text. It works with everything smaller than 32 bytes, but anything larger gives me an error.

So essentially, how can I implement a way to use keys larger than 32 bytes? I've already tried splitting the key into a vector of 32-byte (or less) strings, then using those as the keys, but I couldn't figure out a way to uniformly encrypt the text with all of those keys at once, so what can I do?

roach
  • User-inputted values like passwords tend to be low-entropy, which suggests a different treatment using password-based key derivation functions like argon2. – President James K. Polk Oct 13 '20 at 15:24
  • Why would you need a key of more than 32 bytes? Is the text length that is in question? The question is technically wrong. – Eiconic Oct 13 '20 at 15:25
  • I'm using the key input AS the key, for example a password. I'm probably just going to sha256 the input – roach Oct 13 '20 at 15:27

1 Answer

2

With AES-256 the key size is always 32 bytes long (256/8 = 32).

When the input secret is not exactly 32 bytes and/or of poor quality, a key derivation function is used. With keys of sufficient entropy, a simple hashing function such as SHA-256 is sufficient.

In other words, just feed your input key through SHA-256 and out comes a 32-byte key usable for AES-256.

rustyx
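
An added example (not part of the question, comments or answer above), in Python with only the standard library: it derives a 32-byte AES-256 key from input of any length, using SHA-256 for a high-entropy secret as the answer describes and a salted password KDF for a password as the first comment suggests. PBKDF2-HMAC-SHA256 stands in for argon2 because it ships with `hashlib`; the function names, salt length and iteration count are assumptions.

```python
import hashlib
import os
from typing import Optional, Tuple

AES256_KEY_LEN = 32  # AES-256 always takes a 256 / 8 = 32-byte key


def key_from_secret(secret: bytes) -> bytes:
    """High-entropy secret of any length -> 32-byte key (plain SHA-256)."""
    return hashlib.sha256(secret).digest()


def key_from_password(password: str, salt: Optional[bytes] = None,
                      iterations: int = 600_000) -> Tuple[bytes, bytes]:
    """Low-entropy password -> (key, salt) using a salted, slow KDF.

    PBKDF2-HMAC-SHA256 is used only because it is in the standard
    library; the iteration count is an assumed work factor.
    """
    if salt is None:
        salt = os.urandom(16)  # fresh random salt for each password
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                              iterations, dklen=AES256_KEY_LEN)
    return key, salt  # store the salt beside the ciphertext; it is not secret


if __name__ == "__main__":
    # Constructed sample inputs.
    long_secret = os.urandom(100)  # 100 bytes: too long to use as the key directly
    k1 = key_from_secret(long_secret)
    print(len(k1), k1.hex())

    k2, salt = key_from_password("correct horse battery staple")
    # Decryption side: the same password plus the stored salt gives the same key.
    k3, _ = key_from_password("correct horse battery staple", salt)
    print(len(k2), k2 == k3)
```

The hash path is fast by design, so it only suits input that is already unpredictable; a password hashed once with SHA-256 can be guessed at full hashing speed.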