1 (edited by RCuller 2023-11-02 07:40:42)

Topic: Decrypt with AES 256

I'm sure I'm overlooking something fundamental in the docs. I'm prototyping a method to decrypt a short password that was encrypted using AES 256. I suspect this is defaulting to AES 128 but I can't find how to change it. Can someone please point me in the right direction?

std::string WolfDec(std::string sPw)
{
    Aes enc;
    Aes dec;

    const byte key[] = "Some32ByteKeyForTestingTheDecode";
    const byte iv[] = "A16BitIVisNeeded";

    byte plain[1024];
    byte cipher[1024];

    memset(plain, 0, 1024);
    memset(cipher, 0, 1024);
   
    // Decrypt cipher to plain
    memmove(cipher, sPw.data(), sPw.length());
    wc_AesSetKey(&dec, key, sizeof(key), iv, AES_DECRYPTION);
    wc_AesCbcDecrypt(&dec, plain, cipher, sizeof(cipher));

    std::string sRet;
    sRet.append((const char*)plain);

    return sRet;
}

Share

Re: Decrypt with AES 256

Hi RCuller,

Your example looks valid. The key size passed in sizeof(key) is 32 so it will use AES 256-bit. The AES CBC requires the input to be block aligned at 16 bytes. Is there a reason you are using 1024 bytes? I assume your encrypt routine looks similar and takes in a null terminated string and also uses 1024 bytes?

We have a good AES CBC file encryption example here:
https://github.com/wolfSSL/wolfssl-exam … -encrypt.c

Another thing to coding is making sure you include wolfssl/options.h above the other wolfSSL header includes. See FAQ 1: https://www.wolfssl.com/docs/frequently … r_wolfSSL?

Thanks,
David Garske, wolfSSL

Share

Re: Decrypt with AES 256

I was simply being lazy with the 1024 for the prototype and provide a buffer that's plenty big for the expected string. The encrypted pw is sent to me from another application that used AES 256 to encrypt (probably OpenSLL but I'm not sure) and I'm using the same key and iv values.

Share

Re: Decrypt with AES 256

Hi RCuller,

The input password will need to be padded to block size before being encrypted. The block should still decrypt properly even if you use a larger size. If you can explain how the encryption works it will help us guide you. Hopefully the example will provide some clues.

If you'd like to take this to a private channel you can email support at wolfssl dot com and we'll provide free pre-sales support.

Thanks,
David Garske, wolfSSL

Share