Persits Software, Inc. Knowledge Base Articles

Initialization Vector (IV) support in AspEncrypt

Summary

AspEncrypt 2.1.0.2 (released on April 27, 2002) enables you to specify an initialization vector (IV) for symmetric keys via the new method Key.SetIV. This feature is especially useful when AspEncrypt is to be used in tandem with other encryption packages.

This article demonstrates how to use the initialization vector feature in conjunction with the method ImportRawKey to decipher a string encrypted with a given DES key and a given IV value.

Solution

Task at hand: to decipher a string using a given raw DES key and an initialization vector (IV) value.

The following information is provided by another party (all values are Base64-encoded):

DES Key: mInO4JRGtQ4=
IV: X6PfOtMlNmk=
Encrypted string: dBUMGWhRA7dAbOuOvwBna1fwEHKAXW4wVozBoqc7R8o=
Cipher mode: CBC

The following code snippet performs the decryption:

<!--METADATA TYPE="TypeLib" UUID="{B72DF063-28A4-11D3-BF19-009027438003}"-->

<%
Set CM = Server.CreateObject("Persits.CryptoManager")
Set context = CM.OpenContext("", True)

' DES encryption key (Base64-encoded)
Set KeyBlob = CM.CreateBlob
KeyBlob.Base64 = "mInO4JRGtQ4="

' Import key into CryptoKey object. Reverse byte order
Set Key = context.ImportRawKey(KeyBlob, calgDES, True)

' Specify initialization vector (IV, Base64-encoded)
Set IVblob = CM.CreateBlob
IVblob.Base64 = "X6PfOtMlNmk="
Key.SetIV IVblob

' Text to decipher (Base64-encoded)
Set TextBlob = CM.CreateBlob
TextBlob.Base64 = "dBUMGWhRA7dAbOuOvwBna1fwEHKAXW4wVozBoqc7R8o="

' Decrypt
Response.Write Key.DecryptText(TextBlob)
%>

This code snippet should produce the output FiveLittleMonkiesJumpingOnABed.

Two points to note:

1. True is passed to ImportRawKey as the third parameter to reverse the byte order of the key. Most non-CryptoAPI implementations use the opposite byte order for symmetric keys. Whether you should use or omit the third parameter can be determined by trial and error.

2. A cipher mode is not explicitly specified because, according to the other party, the string is encrypted using the CBC mode, and AspEncrypt uses CBC by default. If the string were encoded using, say, the ECB mode, our code would have to include the line

Key.Mode = ccmECB

Other Comments

Relevant article:

HOWTO: Using "raw" symmetric encryption keys with AspEncrypt

We thank Jeff Dick of Northstar.org for helping us test the IV feature.