If you ever want to use a crypto library in Python, you’ll be sad to note that there isn’t one built into Python impressive repertoire of modules. In fact, you’ll most likely hit pycrypt on your Google search to find one. And there is some dirty work you’ll have to do if you want to use symmetric cryptography using this library. And one of the hard/easy parts is knowing the difference between ECB and CBC.
Here, we start initializing the AES object using CBC mode:
>>> from Crypto.Cipher import AES;
>>> aes = AES.new('some key here', AES.MODE_CBC, 'INIT_VECTOR')
Traceback (most recent call last):
File "<console>", line 1, in <module>
ValueError: IV must be 16 bytes long
oops. You’ll have to make you’re initialization vector 16 bytes long. Also, your key has to be 16, 24, or 32 bytes long as well. Let’s do something better :
>>> aes = AES.new('J2-+sfd%932mIt:{', AES.MODE_CBC, 'wir&/>H54mgd9a";')
ah! much better. Even if it was me smashing my hand against the keyboard. Now let’s encrypt/decrypt something important.
>>> aes.encrypt('the answer to life the universe and everything is 42')
Traceback (most recent call last):
File "<console>", line 1, in <module>
ValueError: Input strings must be a multiple of 16 in length
You’ll have to do the dirty work remember:
>>>> ciphertext = aes.encrypt('the answer to life the universe and everything is 42195479204957')
>>> ciphertext
'f0\xa9\xf9f&X)\x0e\x08=\x06\x97\xcbF\xddK\x1a\xa6i\x1d\x02"}\xd9\\\xaa\xb6\xd9J\xe3Q\x07\xaev\x012\xbf\rPN\xd2\xf9\xf7$\x93\xe0/\xcb\xae9\x91K\xd01\xab\xb7\xdb\reR\xff\xef\x1c'
Much better. Now lets decrypt it:
>>> aes.decrypt(ciphertext)
'\xc8\xaf.\x97\x05\x80\n\xe9\xe6\xc4Ju\x04\xbe\xa1Nfe the universe and everything is 42195479204957'
Woah! That isn’t the whole message! So what’s going on?
Remember that initialization vector you set in the beginning? That sets the stage for the first block. But each block becomes the initialization vector for the second block, and so on. So when you decrypt, it is using the initialization vector from the block before. That’s why the first 16 bytes are screwed up. This is a feature of CBC, but not ECB:
>>> aes = AES.new('J2-+sfd%932mIt:{', AES.MODE_ECB, 'wir&/>H54mgd9a";')
>>> ciphertext = aes.encrypt('the answer to life the universe and everything is 42195479204957')
>>> aes.decrypt(ciphertext)'the answer to life the universe and everything is 42195479204957'
And yes, this is a feature. Read the block cipher modes wikipedia article for a better explination. So what’s the answer? Simply, to call aes.new() again before calling decrypt!