Question
I have some sensitive data that I need to store in a database, however I also need to be able to decrypt that data to its original state. I have been doing some reading and it seems like AES is the way to go (if you disagree then I'm more than happy to receive any suggestions!).
The thing I don't quite get with AES is that there is something called IV, and if I did get this right, IV acts like some sort of "key/password".
So. My question is. If I want to decrypt the database-stored value, then do I also need to know the IV and the key to decrypt it? I would need to store these two values in the database as well?
Solution
The strength is in the Key. There's usually no problem with the IV being known, so storing it alongside the data (either as a separate column or just concatenated onto the start, as common way to do this) is fine.
There may be some other requirement for the IV, however, that you should ensure you follow. These may be around the apparent randomness of the IV, or that IVs should not be reused (although in such a case, it should more correctly be referred to as a Nonce).
OTHER TIPS
IV is used for 'randomising' your data in a way that the same text never gets encrypted in the same way. This increases the strength of your encrypted data.
Example when IV is useful: You encrypt passwords. User A and User B both use the password 'HelloWorld!'. Without and IV, the encrypted data is equal in both cases. If someone knows the password for User A and sees that the encrypted data is the same as for User B, he can then use the password for User A for logging in as user B.
https://stackoverflow.com/questions/23337763
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian