Author Topic: AES256 CBC Derivation of Key + IV From Password & Salt values  (Read 767 times)

bcelestia

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
AES256 CBC Derivation of Key + IV From Password & Salt values
« on: November 22, 2017, 09:38:53 AM »
Hi

I am writing a test program in vb6 to communicate with one of our products. The product transmits data using AES256 CBC encryption.
I need to be able to derive both Key & IV from a Password & Salt value.
I can derive the correct key OK using this expression:

HexKey = crypt.Pbkdf2(AESPassword, PWCharset, HashAlg, AESSaltHex, IterationCount, OutputBitLen, Enc)

How do I derive the IV Value?

The Product firmware uses the OpenSSL function PKCS5_PBKDF2_HMAC_SHA1 to derive a combined Key & IV

Is there an equivalent Chillkat Function which can derive the IV?


Chilkat

  • Administrator
  • Full Member
  • *****
  • Posts: 103
  • Karma: +7/-0
    • View Profile
Re: AES256 CBC Derivation of Key + IV From Password & Salt values
« Reply #1 on: November 28, 2017, 09:41:54 AM »
For the case you described, the typical way it's done is to use PBKDF2 to generate enough bytes for both the secret key and the IV.  For AES256, the secret key is 256-bits (i.e. 32 bytes).  The IV is 16 bytes for AES regardless of whether it's AES256, AES128, etc.   Therefore, you would use PBKDF2 to generate 48 bytes (384 bits).

If you get the result in hex, then you would split the returned hex string in two parts -- one part for the secret key, and one part for the IV.

But you really need to know what the other system does.  Did it generate the key and IV material as I described above?  There is no "standard" for it.  Perhaps it generated the key + IV as I described, but maybe it uses the 1st 16 bytes for the IV, and the trailing bytes for the secret key, or maybe the reverse?