Need solution for wrong IV length in AES

Related searches

I'm trying to implement AES in Java and this is the code I use:

 byte[] sessionKey = {00000000000000000000000000000000};
 byte[] iv = {00000000000000000000000000000000};
 byte[] plaintext = "6a84867cd77e12ad07ea1be895c53fa3".getBytes();
 Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");

 cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(sessionKey, "AES"), new IvParameterSpec(iv));
 byte[] ciphertext = cipher.doFinal(plaintext);

 cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(sessionKey, "AES"), new IvParameterSpec(iv));
 byte[] deciphertext = cipher.doFinal(ciphertext);

I need this fixed key and IV for test purpose but I get the following exception:

Exception in thread "main" 
  Wrong IV length: must be 16 bytes long    at
com.sun.crypto.provider.SunJCE_h.a(DashoA12275)     at
com.sun.crypto.provider.AESCipher.engineInit(DashoA12275)   at
javax.crypto.Cipher.a(DashoA12275)  at
javax.crypto.Cipher.a(DashoA12275)  at
javax.crypto.Cipher.init(DashoA12275)   at

How can I use this fixed IV with this implementation of AES? Is there any way?


byte[] iv = {00000000000000000000000000000000};

creates a byte array of size 1 and not a byte array of size 32 (if that is your intention).

Secondly, the IV size of AES should be 16 bytes or 128 bits (which is the block size of AES-128). If you use AES-256, the IV size should be 128 bits large, as the AES standard allows for 128 bit block sizes only. The original Rijndael algorithm allowed for other block sizes including the 256 bit long block size.

Thirdly, if you are intending to use a AES-256, this does not come out of the box. You need to download and install the JCE Unlimited Strength Jurisdiction Policy Files (scroll to the bottom of the page); I would also recommend reading the accompanying license.

This would result in the following change to your code:

byte[] iv = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};

Finally, the initialization vector is meant to be unique and unpredictable. A sequence of 16 bytes, with each byte represented by a value of 0, is not a suitable candidate for an IV. If this is production code, consider getting help.

Initialization vector length insufficient in AES, The answer to that is, well, that's how CBC mode works. If I am wrong, you can get started by looking at Description of CBC Mode; if you You probably want to store the IV with the ciphertext, it is fine to just prepend the IV to� Need solution for wrong IV length in AES. a guest Apr 10th, 2012 481 Never Not a member of Pastebin yet? Sign Up Wrong IV length: must be 16 bytes long at.

From Advanced Encryption Standard:

The standard comprises three block ciphers, AES-128, AES-192 and AES-256, adopted from a larger collection originally published as Rijndael. Each of these ciphers has a 128-bit block size, with key sizes of 128, 192 and 256 bits, respectively

(Emphasis added)

From Initialization Vector:

For block cipher modes of operation, the IV is usually as large as the block size of the cipher

Combine those two factors together, and you get that the IV is always 128 bits for AES, independent of the key size.

Encrypting using AES-256, can I use 256 bits IV?, For most modes (e.g. CBC), the IV must have the same length as the block. AES uses To further confuse things, some software frameworks got it wrong; e.g. PHP uses improve this answer follow The block size of AES is always 128 bits, so a 256 bit IV is not possible for most modes of operation. The only factor of the block cipher that influences the IV value is the block size, which is fixed at 128 bits for AES. An IV can have the following properties that depend on the mode of operation: the size of the IV may differ, e.g. CBC always requires a 16 byte IV of the full block size while GCM defaults to a 12 byte IV;

Why not just use something like that instead of using "magic numbers":

SecureRandom random = new SecureRandom();
byte[] iv = random.generateSeed(16);

So you get 16 random bytes for your iv.

AES Wrong IV , This question already has an answer here: Need solution for wrong IV length in AES 5 answers Iam trying to Encrypt data using AES encryption� The CBC (Cipher Block Chaining) mode (Fig. 2) provides this by using an initialization vector – IV. The IV has the same size as the block that is encrypted. In general, the IV usually is a random number, not a nonce. We can see it in figure 2, the plaintext is divided into blocks and needs to add padding data.

AES here is probably AES-128 not AES-256.You must include extra jar if you want to enable AES-256 as there are export control policies in place. So check that first. AES-128 is enough in most cases.

Your IV can't be more than 128 bits i.e. 16 bytes when it is AES-128. So change the initialization vector length.

That must work. Also, read this

Warning: It is not a good practice to have a fixed IV. It must be random or pseudorandom to offer better security.

Want to use AES 256 CBC with 32 bytes but it shows , InvalidAlgorithmParameterException: Wrong IV length: must be 16 bytes long at at When a symmetric cipher mode requires an IV, the length of the IV must be equal to the block size of the cipher. Hence, you must always use an IV of 128 bits (16 bytes) with AES. AES provides 128 bit, 192 bit and 256 bit of secret key size for encryption.

The reason why I had this problem was because I was reading the IV as a String, and converting it to a byte array the wrong way.

Right way:


using org.apache.commons.codec.binary.Hex

Wrong way:


The reason this was wrong, is because when you call getBytes(), it just takes all bits that represent the string and cuts them into bytes. So 0 ends up being written as the bits that make up the index of 0 in the Unicode table, which is not 0 but 30, and which would be written on 2 bytes.

Conversely, what you want here is actually that 0 be represented as the byte 00000000.

Java Code Examples for javax.crypto.Cipher, getInstance("AES"); // decrypting the text cipher.init(Cipher. getBytes ()); byte[] result = new byte[iv.length + c.length]; System.arraycopy (iv, 0, System.out. println("decrypt with wrong AAD"); // initialize it with wrong AAD to get is not the ideal long term solution for determining whether we need decryption, but works if (file. Typically for AES the IV is the size of a block so the IV is 128-bits long. My solution does actually follow the CCrypt snippet you posted – if you look at the IVs you’ll see they are 32 character hexadecimal strings, 16 pairs – each hex letter pair represents 8-bits each so (8 x 16 = 128-bit). Hope that helps.

Another note is to never use a IV which is all 0 just for convenience. IV's are equal in size with of your block. In case of AES-128, the blocksize is 128, the keysize is 128 and hence the IV is 128 bits. The best way to do this is by creating a random AES key and using it as IV.

If you are encrypting data which always has a length of 32 bytes (or multiple of the block size) you do not have to use padding at all. If the plain text is of arbitrary length, then you have to pad your text and use a mechanism to be able to separate the data from the padding when you decrypt.

Use different random data for the initialisation vector each time encryption is made with the same key. mcrypt_create_iv () is one choice for random data. AES uses 16 byte blocks, so you need 16 bytes for the iv. Join the iv data to the encrypted result and extract the iv data again when decrypting.

  • Actually Im not confused with this error, im just not sure how i can use the curretn IV i have now
  • Thanks a lot for the correction, that really helped. Can you please suggest me how can i change the code for AES-256? Actually AES-256 is what i want to implement.
  • The IV size is based around the block size, not the key size.
  • So how i can modify the block size to use my current IV?
  • @Shahed, I don't think the JCE implementation will allow for that. Note the edit I made - the AES standard allows for only block sizes of 128 bits.
  • Use a Hex decoder, like the one in Apache Commons Codec to decode the hex-encoded value and to get the byte array. If you have any further questions, I would suggest asking that as a new question, as the comments area is not really meant for asking new questions.
  • can you please take a look at my question. i cant seem to make it work.…
  • if IV size is based on block size so why mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC); returns 32? Does it return the bytes size to generate the IV bytes?
  • @user4271704 - RIJNDAEL was the basis for AES, and did indeed use different block sizes. You need to decide whether you're doing AES (16 bytes always) or RIJNDAEL.
  • I know that, I am asking about how to calculate IV size? should I convert the block size from bites into bytes for IV size?
  • There's no need to generate IV by hand. It can be obtained from Cipher after encryption: cipher.getParameters().getParameterSpec(IvParameterSpec.class).getIV();
  • to decrypt you will need the same IV, so uses the random IV do not works at least you save the generated IV
  • Can you please give me any idea on what jars i might need to enable AES-256?
  • Either use jars from Bouncy castle from or read this link… Bouncy castle may help you but the other link, I doubt. Try googling for that jar after reading it. Hope it helps. If my answer solved your problem, then accept it! :)
  • can you please take a look at my question. i cant seem to make it work.…