toonamo:
I am new to this encryption and decryption stuff, so i was playing with this library to get a idea on how it works.My questions is why does the decryption function require the original unencrpyted plain message? Should it not be requesting the key and the cypher to decrypt it?
If I encrpted a message on one arduino and sent the cypher to another arduino with the keys hard coded into each seperate program how would i decrpyt the message on the second arduino? I wouldn't want to send the plain text in the message because then it defeats the purpose of encrypting in the first place.
I'll try explain some symmetric encryption AES concepts a little (I found this while googling an arduino AES library - thanks to the O.P. for his/her hard work!)
The password is the actual 'secret' that must never be disclosed to the public. The sender and receiver must know the password to encrypt and decrypt correctly.
To keep things VERY simple, lets NOT break things up and pad strings - I'm simply explaining concepts.
We have our plaintext - "Hello World"
We have our password - "Hunter2"
The encryption will use the password to scramble "Hello World" into (example) "Um1nvnlmPP".
But what happens if you want to send the same encrypted message again? The ciphertext will look exactly the same! This means the bad guys can do "Pattern analysis", not exactly figuring out exactly what's in your message, but they know the same message was sent.
An excellent example is here on Wikipedia:
Block based encryption breaks a message up into little "blocks of data" to encrypt. In the above link, you can clearly see why ECB is a very very bad thing if Initialization Vectors (IV) aren't used for EACH block. What's an IV?
The IV is purely random data that is used WITH your password to encrypt the data. The IV does not need to be kept private, it is often sent with the encrypted message, eg:
Plaintext: "Hello World"
Password: "Hunter2"
IV: (randomly generated) "aabbaabbaa"
The complete message: "[aabbaabbaa][mnmnmnmnmn]"
So the encrypted message that anyone can see contains the IV in plain text. The IV does not need to be kept secret, only the password since it's not easy to crack the encryption without the password. The decrypter takes the IV, the user supplied password and attempts to decrypt the ciphertext
How does the IV help? Lets encrypt the same message again:
Plaintext: "Hello World"
Password: "Hunter2"
IV: (randomly generated) "ccddccddccdd"
Ciphertext: "[ccddccddccdd][opopopopopop]
See the ciphertext is always different, even if the same password is used because the IV is always different. This is only one step of preventing the bad guys identifying the contents of your message.
CBC is a little different. CBC uses a little bit of encrypted data from the previous block to encrypt the next block. The first block still needs the IV to be random. CBC has a smaller data size for a lot of blocks since a single IV can be used for a lot of blocks, while ECB can have only one IV for the lot, to prevent pattern matching as per the wikipedia article, better security would necessitate it should have a unique IV per block.