Hi,
I'm performing encryption and decryption with AES/CBC/WITHCTS. If the data is less than 16 bytes, a block, then I get the following error:
javax.crypto.IllegalBlockSizeException: need at least one block of input for CTS
    at org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher.engineDoFinal(Unknown Source) ~[bcprov-jdk15on-1.69.jar!/:1.69.0]
    at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2417) ~[na:na]
Wikipedia says:
Ciphertext stealing for CBC mode doesn't necessarily require the plaintext to be longer than one block. In the case where the plaintext is one block long or less, the Initialization vector (IV) can act as the prior block of ciphertext. In this case a modified IV must be sent to the receiver. This may not be possible in situations where the IV can not be freely chosen by the sender when the ciphertext is sent (e.g., when the IV is a derived or pre-established value), and in this case ciphertext stealing for CBC mode can only occur in plaintexts longer than one block.
Are there any examples on how to do that?
@trohsb I don't see an actual description in either the Wikipedia or the NIST publication of this algorithm (for the "modified IV"). Do you have a source for this?
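One reading of the Wikipedia passage quoted in the issue, as an added example that is not from this thread, from Bouncy Castle, or from any standard: apply the usual CBC-CTS steps with the IV standing in for the previous ciphertext block, so the sender transmits a modified IV followed by the stolen head of the original IV. The class name, method names and wire layout are hypothetical, and the sketch assumes a 128-bit AES key and uses only the JDK's `javax.crypto`.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.security.SecureRandom;
import java.util.Arrays;

// Added illustration; names are hypothetical, not Bouncy Castle API.
public class ShortCtsSketch {
    static final int B = 16; // AES block size in bytes

    // One raw AES block operation (ECB/NoPadding on exactly one block).
    static byte[] aesBlock(int mode, byte[] key, byte[] block) throws Exception {
        Cipher c = Cipher.getInstance("AES/ECB/NoPadding");
        c.init(mode, new SecretKeySpec(key, "AES"));
        return c.doFinal(block);
    }

    // Returns modifiedIv (16 bytes) || ciphertext (pt.length bytes).
    static byte[] encryptShort(byte[] key, byte[] iv, byte[] pt) throws Exception {
        if (pt.length < 1 || pt.length > B) throw new IllegalArgumentException("1..16 bytes only");
        byte[] d = iv.clone();
        for (int i = 0; i < pt.length; i++) d[i] ^= pt[i]; // IV xor (P || 0...0)
        byte[] modifiedIv = aesBlock(Cipher.ENCRYPT_MODE, key, d);
        byte[] out = Arrays.copyOf(modifiedIv, B + pt.length);
        System.arraycopy(iv, 0, out, B, pt.length); // stolen head of the original IV
        return out;
    }

    // Inverse of encryptShort: recovers the plaintext from modifiedIv || ciphertext.
    static byte[] decryptShort(byte[] key, byte[] msg) throws Exception {
        int m = msg.length - B; // plaintext length
        if (m < 1 || m > B) throw new IllegalArgumentException("bad length");
        byte[] d = aesBlock(Cipher.DECRYPT_MODE, key, Arrays.copyOf(msg, B));
        byte[] pt = new byte[m];
        for (int i = 0; i < m; i++) pt[i] = (byte) (d[i] ^ msg[B + i]);
        return pt;
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom();
        byte[] key = new byte[16], iv = new byte[B];
        rng.nextBytes(key); rng.nextBytes(iv); // constructed test key and IV
        byte[] pt = "short msg".getBytes("UTF-8"); // 9 bytes, less than one block
        byte[] msg = encryptShort(key, iv, pt);
        System.out.println("no expansion beyond IV: " + (msg.length == B + pt.length));
        System.out.println("round trip ok: " + Arrays.equals(pt, decryptShort(key, msg)));
    }
}
```

The receiver must accept the transmitted block as the IV, which is why the quoted passage rules this out when the IV is derived or pre-established. As with CBC in general, the output carries no integrity protection and needs to be authenticated separately.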