Node.js crypto: Invalid IV length

9k views Asked by At

The following node.js code attempts to create a cipher using AES 128 in ECB mode with an initialization vector (IV) filled with 0 bytes. << rant >>I'm aware that encrypting with ECB mode should be avoided at all costs, but it still needs to work for supporting legacy systems built before World War II (when the dangers of enciphering in ECB mode were first discovered).<< /rant >>.

let keyBuffer = Buffer.from("DoNotUseUTF8Keys",'utf8');
let ivBuffer = Buffer.alloc(16); // 16 bytes set to 0
//try {
try {
  let cipher = createCipheriv("AES-128-ECB", keyBuffer, ivBuffer);
} catch (e)
{
  console.log(e.message);
}

When createCipheriv (or createDeciperiv) is called, the node.js code throws "Invalid IV length".

For a 128-bit (16-byte) cipher, AES should have a 16-byte Initialization Vector (IV).

Is this a bug or am I doing something wrong?

1

There are 1 answers

2
Stuart Schechter On

The Node.js team got back to me.

"ECB doesn't utilize an IV, so you should just pass a zero-length Buffer instead"

let ivBuffer = Buffer.alloc(0);

Seems odd that the developer should have to figure out to pass a 0-length buffer rather than not passing any parameter. I wish they'd at least update the docs.