Score: 1

How can I decrypt AES-256-GCM with the key when the IV is missing?


I want to decrypt a file that has been encrypted using AES-256 in GCM mode in LibreSSL. I have the key but I don't have the IV; is there any way I can still decrypt?

Maarten Bodewes:
For the internal CTR mode, if you have one full block of plaintext then you XOR it to retrieve the key stream, which is the encrypted counter block, consisting of the nonce and 32 bits of counter (starting at value 2 in unsigned big endian format). So XOR, then decrypt, get first 12 bytes. Didn't post this as an answer because I'm not sure if some GMAC specific tricks can be played. Note to other answerers: for that maybe it matters if the IV/nonce is 12 bytes or not, not sure.

Ova Fleming:
I'm really new to this. I don't understand how I can XOR it, then decrypt without the IV, to get the first 12 bytes.

Maarten Bodewes:
Both the XOR and the decrypt are block operations, so on a full block of ciphertext, using the AES block size of 16 bytes. The **block decrypt** only requires the key, no IV needs to be supplied for that. Does that make more sense?

Maarten Bodewes:
[This following answer](https://stackoverflow.com/a/49244840/589259) may help you with understanding and decrypting the rest of the ciphertext, without actually performing the authenticity check / calculating the tag value.

Ova Fleming:
Where can I block decrypt?

Maarten Bodewes:
You either need direct access to the block cipher itself, or you can use AES-ECB without padding for a single block (which equates to the same thing, but some APIs only work on a high level).

Ova Fleming:
All I have is the encrypted text and the AES-256 key where do I get access to the block cipher?

kelalaka:
Check the library doc. With high probability the IV is appended to the ciphertext in this manner: $IV|ciphertext|tag$.

Ova Fleming:
How can I split them apart? Or, like, un-append the IV from it?

kelalaka:
If I were you, I'd have already looked at the code to see what it does! The first 12 bytes should be the IV, since GCM's recommended IV size is 12 bytes. The rest is programming skills, which is off-topic here.

Ova Fleming:
I just have the key, and I'm using Wireshark to get encrypted packets from a program; I don't have any of its code.

Maarten Bodewes:
Generally protocols should be known. Without it we cannot tell what to do. Your question is at the scheme level, but your main problem is the protocol level, and we haven't received any info on it (and protocol analysis is beyond our scope - that could be more of a subject for [reverseengineering.se]).
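
The two points made in the comments above, the `nonce | ciphertext | tag` layout and the recovery of a 12-byte nonce from one known plaintext block by XOR-then-block-decrypt, worked through as an added Go example. This is not code from the thread or from LibreSSL; it uses Go's standard `crypto/aes` and `crypto/cipher`, which expose the raw block cipher that the comments say is needed. The key, nonce and plaintext are constructed sample values, and the code assumes a 12-byte nonce, a 16-byte tag and no additional authenticated data. The recovered nonce is then used with a normal authenticated `Open`, so the tag is still verified rather than skipped. Note that the counter value 2 in the decrypted block doubles as a sanity check: it only appears if the key is right, the plaintext block really is the first block, and the nonce really is 12 bytes.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// Constructed sample values for the demo (not from the thread): a fixed
// 32-byte key (AES-256) and a 12-byte nonce. Real deployments draw keys
// at random and never reuse a nonce under the same key.
var sampleKey = []byte("0123456789abcdef0123456789abcdef")
var sampleNonce = []byte("unique-nonce")

// sealNoncePrefixed encrypts with AES-256-GCM and returns the common wire
// layout nonce | ciphertext | tag (Go's Seal appends the 16-byte tag itself).
func sealNoncePrefixed(key, nonce, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Seal(append([]byte{}, nonce...), nonce, plaintext, nil), nil
}

// splitNoncePrefixed takes the nonce | ciphertext | tag layout apart,
// assuming a 12-byte nonce and a 16-byte tag.
func splitNoncePrefixed(blob []byte) (nonce, ct, tag []byte, err error) {
	const nonceLen, tagLen = 12, 16
	if len(blob) < nonceLen+tagLen {
		return nil, nil, nil, fmt.Errorf("blob too short: %d bytes", len(blob))
	}
	return blob[:nonceLen], blob[nonceLen : len(blob)-tagLen], blob[len(blob)-tagLen:], nil
}

// recoverNonce recovers a 12-byte nonce from one full known plaintext block.
// GCM's internal CTR mode gives ct = pt XOR AES_k(nonce || counter), and the
// first plaintext block uses counter value 2 (counter 1 is reserved for the
// tag). XOR yields the keystream block; block-decrypting it with the key
// yields the counter block nonce || 0x00000002.
func recoverNonce(key, knownPlaintextBlock, ciphertextBlock []byte) ([]byte, error) {
	if len(knownPlaintextBlock) != aes.BlockSize || len(ciphertextBlock) != aes.BlockSize {
		return nil, fmt.Errorf("need exactly one %d-byte block", aes.BlockSize)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	keystream := make([]byte, aes.BlockSize)
	for i := range keystream {
		keystream[i] = ciphertextBlock[i] ^ knownPlaintextBlock[i]
	}
	counterBlock := make([]byte, aes.BlockSize)
	block.Decrypt(counterBlock, keystream) // raw block decrypt: key only, no IV
	if binary.BigEndian.Uint32(counterBlock[12:]) != 2 {
		return nil, fmt.Errorf("counter check failed: wrong plaintext, not the first block, or nonce is not 12 bytes")
	}
	return counterBlock[:12], nil
}

// openWithNonce decrypts ciphertext | tag under the given nonce and still
// verifies the tag, so tampered data is rejected rather than silently decrypted.
func openWithNonce(key, nonce, ctAndTag []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, nonce, ctAndTag, nil)
}

func main() {
	plaintext := []byte("GET /index.html HTTP/1.1\r\nHost: example") // constructed sample
	blob, err := sealNoncePrefixed(sampleKey, sampleNonce, plaintext)
	if err != nil {
		panic(err)
	}
	_, ct, tag, err := splitNoncePrefixed(blob)
	if err != nil {
		panic(err)
	}
	// Pretend the nonce was lost and recover it from the first 16 plaintext bytes.
	recovered, err := recoverNonce(sampleKey, plaintext[:16], ct[:16])
	if err != nil {
		panic(err)
	}
	fmt.Printf("recovered nonce matches: %v\n", bytes.Equal(recovered, sampleNonce))
	pt, err := openWithNonce(sampleKey, recovered, append(append([]byte{}, ct...), tag...))
	if err != nil {
		panic(err)
	}
	fmt.Printf("decrypted: %q\n", pt)
}
```

Two takeaways for the protocol question raised in the last comment: the nonce is not a secret and is normally sent in the clear next to the ciphertext, so finding where the protocol puts it is a framing problem rather than a cryptographic one; and once it is recovered, the tag check should be kept in the decryption path rather than bypassed.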