0

I was trying to push a temporary key to a smart door using tuya developer, but I'm stuck with the encryption I'm doing it in PHP. Tuya ask for this:

The length of the original password is seven digits for Wi-Fi locks and six digits for Zigbee locks and Bluetooth locks. The password is encrypted by using the AES-128 algorithm with ECB mode and PKCS7Padding. To get the original key, decrypt the temporary key ticket_key with AES using the accessKey that is issued by the platform. The output format is hex.

I'm trying to use some libraries but they ask for IV, I was doing some reading, but couldn't figure out if it has to be random or nor, if has to be provided, does it matter what random IV I use or I have to use a format the server-side can understand??

thanks, I'm new in cryptographic

Luis Machado
  • 9
  • 3
  • 1
    ECB doesn't take an IV, but if you have a dog-shit-bad API then it may ask for it, and then ignore it. It is most safe to set to 16 bytes all-zero because for CBC mode the IV is XOR'ed with the first plaintext block, so **if** it gets applied anyway, the XOR will just denigrate into the identity function (i.e. the input to the cipher is just the plaintext block). For more info, look at [the pictures of ECB and CBC here](https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Electronic_codebook_(ECB)) – Maarten Bodewes Aug 22 '22 at 21:09
  • If the result of the decryption ends with 16 bytes set to hex 0x10 or 8 bytes set to 0x08 then you still need to unpad to get to the plaintext bytes. You can probably ignore the utterly idiotic "The output format is hex". The output format is almost certainly binary **bytes**. Those devs that created that description don't have a clue. – Maarten Bodewes Aug 22 '22 at 21:13
  • It's the official Tuya documentation, but yes is not very good, maybe they have better documentation in Chinese. The API doesn't ask for IV, it's just that the libraries I was looking asked for one, although it's a multi encryption library, maybe that's why. I'm going to try with openssl in PHP, the library asks for IV but if it's not necessary I should have no problem. – Luis Machado Aug 23 '22 at 03:07
  • Hey @LuisMachado - have you managed to solve this? if so - can you share your solution? – Broshi Jan 23 '23 at 07:48

0 Answers0