Join Log in
Score:1
Ova Fleming avatar Crypto

How can I decrypt AES-256 GCM with key with a IV that is missing?

us flag
Ova Fleming

I want to decrypt a file that has been encrypted using AES-256 in GCM mode in libressl. I have the key but I don't have the IV, is there any way I can still decrypt?

319
0 + 12
gcm
Maarten Bodewes avatar
in flag
Maarten Bodewes
For the internal CTR mode, if you have one full block of plaintext then you XOR it to retrieve the key stream, which is the encrypted counter block, consisting of the nonce and 32 bits of counter (starting at value 2 in unsigned big endian format). So XOR, then decrypt, get first 12 bytes. Didn't post this as an answer because I'm not sure if some GMAC specific tricks can be played. Note to other answerers: for that maybe it matters if the IV/nonce is 12 bytes or not, not sure.
2
Reply
Ova Fleming avatar
us flag
Ova Fleming
I'm really new to this, I don't understand how I can XOR it then decrypt without the iv to get the first 12 bytes
0
Reply
Maarten Bodewes avatar
in flag
Maarten Bodewes
Both the XOR and the decrypt are block operations, so on a full block of ciphertext, using the AES block size of 16 bytes. The **block decrypt** only requires the key, no IV needs to be supplied for that. Does that make more sense?
0
Reply
Maarten Bodewes avatar
in flag
Maarten Bodewes
[This following answer](https://stackoverflow.com/a/49244840/589259) may help you with understanding and decrypting the rest of the ciphertext, without actually performing the authenticity check / calculating the tag value.
0
Reply
Ova Fleming avatar
us flag
Ova Fleming
Where can I block decrypt?
0
Reply
Maarten Bodewes avatar
in flag
Maarten Bodewes
You either need direct access to the block cipher itself, or you can use AES-ECB without padding for a single block (which equates to the same thing, but some API's only work on a high level).
0
Reply
Ova Fleming avatar
us flag
Ova Fleming
All I have is the encrypted text and the AES-256 key where do I get access to the block cipher?
0
Reply
kelalaka avatar
in flag
kelalaka
Check the library doc. With high probably the IV is appended to the ciphertext in this manner $IV|ciphertext|tag$
0
Reply
Ova Fleming avatar
us flag
Ova Fleming
How can I split them apart? or like unappend the iv from it?
0
Reply
kelalaka avatar
in flag
kelalaka
If I were you, I've already looked at the code and see what it does!. The first 12 bytes should be the IV since GCM's recommended IV size is 12 bytes. The rest is programming skills that is off-topic here.
0
Reply
Ova Fleming avatar
us flag
Ova Fleming
I just have the key and im using wireshark to get encrpyted packets from the a program, I dont have any of its code.
0
Reply
Maarten Bodewes avatar
in flag
Maarten Bodewes
Generally protocols should be known. Without it we cannot tell what to do. Your question is at the scheme level, but your main problem is the protocol level, and we haven't received any info on it (and protocol analysis is beyond our scope - that could be more of a subject for [reverseengineering.se]).
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.