The following node.js code attempts to create a cipher using AES 128 in ECB mode with an initialization vector (IV) filled with 0 bytes. << rant >>I'm aware that encrypting with ECB mode should be avoided at all costs, but it still needs to work for supporting legacy systems built before World War II (when the dangers of enciphering in ECB mode were first discovered).<< /rant >>.
let keyBuffer = Buffer.from("DoNotUseUTF8Keys",'utf8');
let ivBuffer = Buffer.alloc(16); // 16 bytes set to 0
//try {
try {
let cipher = createCipheriv("AES-128-ECB", keyBuffer, ivBuffer);
} catch (e)
{
console.log(e.message);
}
When createCipheriv (or createDeciperiv) is called, the node.js code throws "Invalid IV length".
For a 128-bit (16-byte) cipher, AES should have a 16-byte Initialization Vector (IV).
Is this a bug or am I doing something wrong?
The Node.js team got back to me.
"ECB doesn't utilize an IV, so you should just pass a zero-length Buffer instead"
Seems odd that the developer should have to figure out to pass a 0-length buffer rather than not passing any parameter. I wish they'd at least update the docs.