I have seen some code (for example, in Ruby):

    require 'openssl'

    def encrypt_aes_256_cbc(plain_text, encrypt_key)
      cipher = OpenSSL::Cipher::AES.new(256, :CBC)
      cipher.encrypt
      iv = cipher.random_iv
      # '\0' in single quotes is the two characters backslash and 0, not a NUL byte
      cipher.key = encrypt_key.ljust(cipher.key_len, '\0').slice(0, 32)
      encrypted = cipher.update(plain_text) + cipher.final
      # hex-encode ciphertext followed by the 16-byte IV
      (encrypted + iv).unpack('H*').first
    end

    def decrypt_aes_256_cbc(encrypted_text, encrypt_key)
      cipher = OpenSSL::Cipher::AES.new(256, :CBC)
      cipher.decrypt
      raw_data = [encrypted_text].pack('H*')
      # the IV is the last 16 bytes of the decoded message
      cipher.iv = raw_data.slice(raw_data.length - 16, 16)
      cipher.key = encrypt_key.ljust(cipher.key_len, '\0').slice(0, 32)
      cipher.update(raw_data.slice(0, raw_data.length - 16)) + cipher.final
    end

This encryption exposes the IV in the result. Suppose a hacker gets the result of encrypt_aes_256_cbc; then he gets the IV. Does this mean that CBC mode becomes nonsense?

Is this implementation OK?

osexp2000
  • Without commenting on whether the implementation is OK, the question of whether IV must be secret or not has answers here, and here for example. In essence, the IV need not be kept secret (unlike the key). – KevinO Mar 05 '21 at 18:54
  • This is exactly what I want to know. Thank you so much. – osexp2000 Mar 08 '21 at 02:37

0 Answers
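An added example, not part of the original post or its comments: the IV travels in the clear as in the question's code, and the example goes beyond the question by deriving the keys with PBKDF2 instead of padding the passphrase and by authenticating IV and ciphertext with HMAC-SHA256. The names `derive_keys`, `seal` and `open_sealed`, the salt, the iteration count and the passphrase are assumptions made for this example.

```ruby
require 'openssl'

IV_LEN  = 16 # AES block size in bytes
TAG_LEN = 32 # HMAC-SHA256 output size in bytes

# Assumption: passphrase-based keys. The salt is not secret; store it with the data.
def derive_keys(passphrase, salt)
  material = OpenSSL::PKCS5.pbkdf2_hmac(passphrase, salt, 100_000, 64, OpenSSL::Digest.new('SHA256'))
  [material[0, 32], material[32, 32]] # [encryption key, MAC key]
end

# Output layout (hex): IV || ciphertext || HMAC tag
def seal(plain_text, enc_key, mac_key)
  cipher = OpenSSL::Cipher.new('aes-256-cbc')
  cipher.encrypt
  cipher.key = enc_key
  iv = cipher.random_iv # fresh and unpredictable per message, sent in the clear
  body = iv + cipher.update(plain_text) + cipher.final
  tag = OpenSSL::HMAC.digest('SHA256', mac_key, body)
  (body + tag).unpack1('H*')
end

def open_sealed(hex, enc_key, mac_key)
  raw = [hex].pack('H*')
  raise ArgumentError, 'message too short' if raw.bytesize < IV_LEN + 16 + TAG_LEN
  body = raw[0...-TAG_LEN]
  tag = raw[-TAG_LEN..]
  expected = OpenSSL::HMAC.digest('SHA256', mac_key, body)
  # Verify before decrypting so a modified IV or ciphertext is rejected.
  unless OpenSSL.fixed_length_secure_compare(expected, tag)
    raise OpenSSL::Cipher::CipherError, 'authentication failed'
  end
  cipher = OpenSSL::Cipher.new('aes-256-cbc')
  cipher.decrypt
  cipher.key = enc_key
  cipher.iv = body[0, IV_LEN]
  cipher.update(body[IV_LEN..]) + cipher.final
end

if __FILE__ == $PROGRAM_NAME
  keys = derive_keys('constructed passphrase', 'constructed-salt') # constructed demo values
  a = seal('hello, CBC', *keys)
  b = seal('hello, CBC', *keys)
  puts a[0, 32] == b[0, 32] ? 'IV reused' : 'different IVs, different ciphertexts'
  puts open_sealed(a, *keys)
end
```

The first 32 hex characters of each output are the IV, readable by anyone holding the message; decryption still requires the key, and any change to the IV or ciphertext fails the tag check.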