Background: I’ve written a pair of .NET functions for AES encryption/decryption.
I want to store the IV with the ciphertext in a single base64 encoded string, similar to as described here.
I’ve seen hashing this example where he appends the salt bytes to the end of the hash bytes, and then base64 encodes the new array. Then, when verifying the hash, he decodes the base64 string, and splits out the salt and hash bytes.
My question is: are there defined standards that describe how I should be performing the concatenation, so that my base64 encoded data could be parsed & decrypted by other programs? Or is it just up to me as the programmer to write my encrypt/decrypt functions to parse the data as I see fit?
The standards would answer questions like: Do I prepend or append the IV bytes to the ciphertext bytes?
My ideal function signature would look like:
// returns base64encodedCiphertextAndIV
string encrypt(string plaintext, string base64encodedKey)
// returns plaintext
string decrypt(string base64encodedCiphertextAndIV, string base64encodedKey)
It is perfectly fine, and pretty much standard, to add the IV to the front of the cyphertext. The IV does not have to be kept secret, only the key has to be kept secret. If you are using CTR mode then it is very important that the IVs be unique within a given key. It is useful, but not so important, to have unique IVs if you are using CBC mode.