crypto
Crypto Functions
This module provides a set of cryptographic functions.
References:

md4: The MD4 Message Digest Algorithm (RFC 1320)

md5: The MD5 Message Digest Algorithm (RFC 1321)

sha: Secure Hash Standard (FIPS 1802)

hmac: KeyedHashing for Message Authentication (RFC 2104)

des: Data Encryption Standard (FIPS 463)

aes: Advanced Encryption Standard (AES) (FIPS 197)

ecb, cbc, cfb, ofb, ctr: Recommendation for Block Cipher Modes of Operation (NIST SP 80038A).

rsa: Recommendation for Block Cipher Modes of Operation (NIST 80038A)

dss: Digital Signature Standard (FIPS 1862)
The above publications can be found at
Types
byte() = 0 ... 255 ioelem() = byte()  binary()  iolist() iolist() = [ioelem()] Mpint() = <<ByteLen:32/integerbig, Bytes:ByteLen/binary>>
Functions
start() > ok
Starts the crypto server.
stop() > ok
Stops the crypto server.
info() > [atom()]
Provides the available crypto functions in terms of a list of atoms.
info_lib() > [{Name,VerNum,VerStr}]
Name = binary()
VerNum = integer()
VerStr = binary()
Provides the name and version of the libraries used by crypto.
Name
is the name of the library. VerNum
is
the numeric version according to the library's own versioning
scheme. VerStr
contains a text variant of the version.
> info_lib().
[{<<"OpenSSL">>,9469983,<<"OpenSSL 0.9.8a 11 Oct 2005">>}]
md4(Data) > Digest
Data = iolist()  binary()
Digest = binary()
Computes an MD4
message digest from Data
, where
the length of the digest is 128 bits (16 bytes).
md4_init() > Context
Context = binary()
Creates an MD4 context, to be used in subsequent calls to
md4_update/2
.
md4_update(Context, Data) > NewContext
Data = iolist()  binary()
Context = NewContext = binary()
Updates an MD4 Context
with Data
, and returns
a NewContext
.
md4_final(Context) > Digest
Context = Digest = binary()
Finishes the update of an MD4 Context
and returns
the computed MD4
message digest.
md5(Data) > Digest
Data = iolist()  binary()
Digest = binary()
Computes an MD5
message digest from Data
, where
the length of the digest is 128 bits (16 bytes).
md5_init() > Context
Context = binary()
Creates an MD5 context, to be used in subsequent calls to
md5_update/2
.
md5_update(Context, Data) > NewContext
Data = iolist()  binary()
Context = NewContext = binary()
Updates an MD5 Context
with Data
, and returns
a NewContext
.
md5_final(Context) > Digest
Context = Digest = binary()
Finishes the update of an MD5 Context
and returns
the computed MD5
message digest.
sha(Data) > Digest
Data = iolist()  binary()
Digest = binary()
Computes an SHA
message digest from Data
, where
the length of the digest is 160 bits (20 bytes).
sha_init() > Context
Context = binary()
Creates an SHA context, to be used in subsequent calls to
sha_update/2
.
sha_update(Context, Data) > NewContext
Data = iolist()  binary()
Context = NewContext = binary()
Updates an SHA Context
with Data
, and returns
a NewContext
.
sha_final(Context) > Digest
Context = Digest = binary()
Finishes the update of an SHA Context
and returns
the computed SHA
message digest.
md5_mac(Key, Data) > Mac
Key = Data = iolist()  binary()
Mac = binary()
Computes an MD5 MAC
message authentification code
from Key
and Data
, where the the length of the
Mac is 128 bits (16 bytes).
md5_mac_96(Key, Data) > Mac
Key = Data = iolist()  binary()
Mac = binary()
Computes an MD5 MAC
message authentification code
from Key
and Data
, where the length of the Mac
is 96 bits (12 bytes).
hmac_init(Type, Key) > Context
Type = sha  md5  ripemd160
Key = iolist()  binary()
Context = binary()
Initializes the context for streaming HMAC operations. Type
determines
which hash function to use in the HMAC operation. Key
is the authentication
key. The key can be any length.
hmac_update(Context, Data) > NewContext
Context = NewContext = binary()
Data = iolist()  binary()
Updates the HMAC represented by Context
using the given Data
. Context
must have been generated using an HMAC init function (such as
hmac_init). Data
can be any length. NewContext
must be passed into the next call to hmac_update
.
hmac_final(Context) > Mac
Context = Mac = binary()
Finalizes the HMAC operation referenced by Context
. The size of the resultant MAC is
determined by the type of hash function used to generate it.
hmac_final_n(Context, HashLen) > Mac
Context = Mac = binary()
HashLen = non_neg_integer()
Finalizes the HMAC operation referenced by Context
. HashLen
must be greater than
zero. Mac
will be a binary with at most HashLen
bytes. Note that if HashLen is greater than the actual number of bytes returned from the underlying hash, the returned hash will have fewer than HashLen
bytes.
sha_mac(Key, Data) > Mac
sha_mac(Key, Data, MacLength) > Mac
Key = Data = iolist()  binary()
Mac = binary()
MacLenength = integer() =< 20
Computes an SHA MAC
message authentification code
from Key
and Data
, where the default length of the Mac
is 160 bits (20 bytes).
sha_mac_96(Key, Data) > Mac
Key = Data = iolist()  binary()
Mac = binary()
Computes an SHA MAC
message authentification code
from Key
and Data
, where the length of the Mac
is 96 bits (12 bytes).
des_cbc_encrypt(Key, IVec, Text) > Cipher
Key = Text = iolist()  binary()
IVec = Cipher = binary()
Encrypts Text
according to DES in CBC
mode. Text
must be a multiple of 64 bits (8
bytes). Key
is the DES key, and IVec
is an
arbitrary initializing vector. The lengths of Key
and
IVec
must be 64 bits (8 bytes).
des_cbc_decrypt(Key, IVec, Cipher) > Text
Key = Cipher = iolist()  binary()
IVec = Text = binary()
Decrypts Cipher
according to DES in CBC mode.
Key
is the DES key, and IVec
is an arbitrary
initializing vector. Key
and IVec
must have
the same values as those used when encrypting. Cipher
must be a multiple of 64 bits (8 bytes). The lengths of
Key
and IVec
must be 64 bits (8 bytes).
des_cbc_ivec(Data) > IVec
Data = iolist()  binary()
IVec = binary()
Returns the IVec
to be used in a next iteration of
des_cbc_[encryptdecrypt]
. Data
is the encrypted
data from the previous iteration step.
des_cfb_encrypt(Key, IVec, Text) > Cipher
Key = Text = iolist()  binary()
IVec = Cipher = binary()
Encrypts Text
according to DES in 8bit CFB
mode. Key
is the DES key, and IVec
is an
arbitrary initializing vector. The lengths of Key
and
IVec
must be 64 bits (8 bytes).
des_cfb_decrypt(Key, IVec, Cipher) > Text
Key = Cipher = iolist()  binary()
IVec = Text = binary()
Decrypts Cipher
according to DES in 8bit CFB mode.
Key
is the DES key, and IVec
is an arbitrary
initializing vector. Key
and IVec
must have
the same values as those used when encrypting. The lengths of
Key
and IVec
must be 64 bits (8 bytes).
des_cfb_ivec(IVec, Data) > NextIVec
IVec = iolist()  binary()
Data = iolist()  binary()
NextIVec = binary()
Returns the IVec
to be used in a next iteration of
des_cfb_[encryptdecrypt]
. IVec
is the vector
used in the previous iteration step. Data
is the encrypted
data from the previous iteration step.
des3_cbc_encrypt(Key1, Key2, Key3, IVec, Text) > Cipher
Key1 =Key2 = Key3 Text = iolist()  binary()
IVec = Cipher = binary()
Encrypts Text
according to DES3 in CBC
mode. Text
must be a multiple of 64 bits (8
bytes). Key1
, Key2
, Key3
, are the DES
keys, and IVec
is an arbitrary initializing
vector. The lengths of each of Key1
, Key2
,
Key3
and IVec
must be 64 bits (8 bytes).
des3_cbc_decrypt(Key1, Key2, Key3, IVec, Cipher) > Text
Key1 = Key2 = Key3 = Cipher = iolist()  binary()
IVec = Text = binary()
Decrypts Cipher
according to DES3 in CBC mode.
Key1
, Key2
, Key3
are the DES key, and
IVec
is an arbitrary initializing vector.
Key1
, Key2
, Key3
and IVec
must
and IVec
must have the same values as those used when
encrypting. Cipher
must be a multiple of 64 bits (8
bytes). The lengths of Key1
, Key2
,
Key3
, and IVec
must be 64 bits (8 bytes).
des3_cfb_encrypt(Key1, Key2, Key3, IVec, Text) > Cipher
Key1 =Key2 = Key3 Text = iolist()  binary()
IVec = Cipher = binary()
Encrypts Text
according to DES3 in 8bit CFB
mode. Key1
, Key2
, Key3
, are the DES
keys, and IVec
is an arbitrary initializing
vector. The lengths of each of Key1
, Key2
,
Key3
and IVec
must be 64 bits (8 bytes).
des3_cfb_decrypt(Key1, Key2, Key3, IVec, Cipher) > Text
Key1 = Key2 = Key3 = Cipher = iolist()  binary()
IVec = Text = binary()
Decrypts Cipher
according to DES3 in 8bit CFB mode.
Key1
, Key2
, Key3
are the DES key, and
IVec
is an arbitrary initializing vector.
Key1
, Key2
, Key3
and IVec
must
and IVec
must have the same values as those used when
encrypting. The lengths of Key1
, Key2
,
Key3
, and IVec
must be 64 bits (8 bytes).
des_ecb_encrypt(Key, Text) > Cipher
Key = Text = iolist()  binary()
Cipher = binary()
Encrypts Text
according to DES in ECB mode.
Key
is the DES key. The lengths of Key
and
Text
must be 64 bits (8 bytes).
des_ecb_decrypt(Key, Cipher) > Text
Key = Cipher = iolist()  binary()
Text = binary()
Decrypts Cipher
according to DES in ECB mode.
Key
is the DES key. The lengths of Key
and
Cipher
must be 64 bits (8 bytes).
blowfish_ecb_encrypt(Key, Text) > Cipher
Key = Text = iolist()  binary()
Cipher = binary()
Encrypts the first 64 bits of Text
using Blowfish in ECB mode. Key
is the Blowfish key. The length of Text
must be at least 64 bits (8 bytes).
blowfish_ecb_decrypt(Key, Text) > Cipher
Key = Text = iolist()  binary()
Cipher = binary()
Decrypts the first 64 bits of Text
using Blowfish in ECB mode. Key
is the Blowfish key. The length of Text
must be at least 64 bits (8 bytes).
blowfish_cbc_encrypt(Key, IVec, Text) > Cipher
Key = Text = iolist()  binary()
IVec = Cipher = binary()
Encrypts Text
using Blowfish in CBC mode. Key
is the Blowfish key, and IVec
is an
arbitrary initializing vector. The length of IVec
must be 64 bits (8 bytes). The length of Text
must be a multiple of 64 bits (8 bytes).
blowfish_cbc_decrypt(Key, IVec, Text) > Cipher
Key = Text = iolist()  binary()
IVec = Cipher = binary()
Decrypts Text
using Blowfish in CBC mode. Key
is the Blowfish key, and IVec
is an
arbitrary initializing vector. The length of IVec
must be 64 bits (8 bytes). The length of Text
must be a multiple 64 bits (8 bytes).
blowfish_cfb64_encrypt(Key, IVec, Text) > Cipher
Key = Text = iolist()  binary()
IVec = Cipher = binary()
Encrypts Text
using Blowfish in CFB mode with 64 bit
feedback. Key
is the Blowfish key, and IVec
is an
arbitrary initializing vector. The length of IVec
must be 64 bits (8 bytes).
blowfish_cfb64_decrypt(Key, IVec, Text) > Cipher
Key = Text = iolist()  binary()
IVec = Cipher = binary()
Decrypts Text
using Blowfish in CFB mode with 64 bit
feedback. Key
is the Blowfish key, and IVec
is an
arbitrary initializing vector. The length of IVec
must be 64 bits (8 bytes).
blowfish_ofb64_encrypt(Key, IVec, Text) > Cipher
Key = Text = iolist()  binary()
IVec = Cipher = binary()
Encrypts Text
using Blowfish in OFB mode with 64 bit
feedback. Key
is the Blowfish key, and IVec
is an
arbitrary initializing vector. The length of IVec
must be 64 bits (8 bytes).
aes_cfb_128_encrypt(Key, IVec, Text) > Cipher
aes_cbc_128_encrypt(Key, IVec, Text) > Cipher
Key = Text = iolist()  binary()
IVec = Cipher = binary()
Encrypts Text
according to AES in Cipher Feedback
mode (CFB) or Cipher Block Chaining mode (CBC). Text
must be a multiple of 128 bits (16 bytes). Key
is the
AES key, and IVec
is an arbitrary initializing vector.
The lengths of Key
and IVec
must be 128 bits
(16 bytes).
aes_cfb_128_decrypt(Key, IVec, Cipher) > Text
aes_cbc_128_decrypt(Key, IVec, Cipher) > Text
Key = Cipher = iolist()  binary()
IVec = Text = binary()
Decrypts Cipher
according to Cipher Feedback Mode (CFB)
or Cipher Block Chaining mode (CBC).
Key
is the AES key, and IVec
is an arbitrary
initializing vector. Key
and IVec
must have
the same values as those used when encrypting. Cipher
must be a multiple of 128 bits (16 bytes). The lengths of
Key
and IVec
must be 128 bits (16 bytes).
aes_cbc_ivec(Data) > IVec
Data = iolist()  binary()
IVec = binary()
Returns the IVec
to be used in a next iteration of
aes_cbc_*_[encryptdecrypt]
. Data
is the encrypted
data from the previous iteration step.
aes_ctr_encrypt(Key, IVec, Text) > Cipher
Key = Text = iolist()  binary()
IVec = Cipher = binary()
Encrypts Text
according to AES in Counter mode (CTR). Text
can be any number of bytes. Key
is the AES key and must be either
128, 192 or 256 bits long. IVec
is an arbitrary initializing vector of 128 bits
(16 bytes).
aes_ctr_decrypt(Key, IVec, Cipher) > Text
Key = Cipher = iolist()  binary()
IVec = Text = binary()
Decrypts Cipher
according to AES in Counter mode (CTR). Cipher
can be any number of bytes. Key
is the AES key and must be either
128, 192 or 256 bits long. IVec
is an arbitrary initializing vector of 128 bits
(16 bytes).
aes_ctr_stream_init(Key, IVec) > State
State = { K, I, E, C }
Key = K = iolist()
IVec = I = E = binary()
C = integer()
Initializes the state for use in streaming AES encryption using Counter mode (CTR).
Key
is the AES key and must be either 128, 192, or 256 bts long. IVec
is
an arbitrary initializing vector of 128 bits (16 bytes). This state is for use with
aes_ctr_stream_encrypt and
aes_ctr_stream_decrypt.
aes_ctr_stream_encrypt(State, Text) > { NewState, Cipher}
Text = iolist()  binary()
Cipher = binary()
Encrypts Text
according to AES in Counter mode (CTR). This function can be
used to encrypt a stream of text using a series of calls instead of requiring all
text to be in memory. Text
can be any number of bytes. State is initialized using
aes_ctr_stream_init. NewState
is the new streaming
encryption state that must be passed to the next call to aes_ctr_stream_encrypt
.
Cipher
is the encrypted cipher text.
aes_ctr_stream_decrypt(State, Cipher) > { NewState, Text }
Cipher = iolist()  binary()
Text = binary()
Decrypts Cipher
according to AES in Counter mode (CTR). This function can be
used to decrypt a stream of ciphertext using a series of calls instead of requiring all
ciphertext to be in memory. Cipher
can be any number of bytes. State is initialized using
aes_ctr_stream_init. NewState
is the new streaming
encryption state that must be passed to the next call to aes_ctr_stream_encrypt
.
Text
is the decrypted data.
erlint(Mpint) > N
mpint(N) > Mpint
Mpint = binary()
N = integer()
Convert a binary multiprecision integer Mpint
to and from
an erlang big integer. A multiprecision integer is a binary
with the following form:
<<ByteLen:32/integer, Bytes:ByteLen/binary>>
where both
ByteLen
and Bytes
are bigendian. Mpints are used in
some of the functions in crypto
and are not translated
in the API for performance reasons.
rand_bytes(N) > binary()
N = integer()
Generates N bytes randomly uniform 0..255, and returns the
result in a binary. Uses the crypto
library pseudorandom
number generator.
strong_rand_bytes(N) > binary()
N = integer()
Generates N bytes randomly uniform 0..255, and returns the
result in a binary. Uses a cryptographically secure prng seeded and
periodically mixed with operating system provided entropy. By default
this is the RAND_bytes
method from OpenSSL.
May throw exception low_entropy
in case the random generator
failed due to lack of secure "randomness".
rand_uniform(Lo, Hi) > N
Lo, Hi, N = Mpint  integer()
Mpint = binary()
Generate a random number N, Lo =< N < Hi.
Uses the
crypto
library pseudorandom number generator. The
arguments (and result) can be either erlang integers or binary
multiprecision integers. Hi
must be larger than Lo
.
strong_rand_mpint(N, Top, Bottom) > Mpint
N = non_neg_integer()
Top = 1  0  1
Bottom = 0  1
Mpint = binary()
Generate an N bit random number using OpenSSL's
cryptographically strong pseudo random number generator
BN_rand
.
The parameter Top
places constraints on the most
significant bits of the generated number. If Top
is 1, then the
two most significant bits will be set to 1, if Top
is 0, the
most significant bit will be 1, and if Top
is 1 then no
constraints are applied and thus the generated number may be less than
N bits long.
If Bottom
is 1, then the generated number is
constrained to be odd.
May throw exception low_entropy
in case the random generator
failed due to lack of secure "randomness".
mod_exp(N, P, M) > Result
N, P, M, Result = Mpint
Mpint = binary()
This function performs the exponentiation N ^ P mod M
,
using the crypto
library.
rsa_sign(Data, Key) > Signature
rsa_sign(DigestType, Data, Key) > Signature
Data = Mpint
Key = [E, N, D]
E, N, D = Mpint
DigestType = md5  sha
Mpint = binary()
Signature = binary()
E
is the public exponent, N
is public modulus and
D
is the private exponent.DigestType
is sha.Calculates a DigestType
digest of the Data
and creates a RSA signature with the private key Key
of the digest.
rsa_verify(Data, Signature, Key) > Verified
rsa_verify(DigestType, Data, Signature, Key) > Verified
Verified = boolean()
Data, Signature = Mpint
Key = [E, N]
E, N = Mpint
DigestType = md5  sha  sha256  sha384  sha512
Mpint = binary()
E
is the public exponent and N
is public modulus.DigestType
is sha.Calculates a DigestType
digest of the Data
and verifies that the digest matches the RSA signature using the
signer's public key Key
.
May throw exception notsup
in case the chosen DigestType
is not supported by the underlying OpenSSL implementation.
rsa_public_encrypt(PlainText, PublicKey, Padding) > ChipherText
PlainText = binary()
PublicKey = [E, N]
E, N = Mpint
Padding = rsa_pkcs1_padding  rsa_pkcs1_oaep_padding  rsa_no_padding
ChipherText = binary()
E
is the public exponent and N
is public modulus.Encrypts the PlainText
(usually a session key) using the PublicKey
and returns the cipher. The Padding
decides what padding mode is used,
rsa_pkcs1_padding
is PKCS #1 v1.5 currently the most
used mode and rsa_pkcs1_oaep_padding
is EMEOAEP as
defined in PKCS #1 v2.0 with SHA1, MGF1 and an empty encoding
parameter. This mode is recommended for all new applications.
The size of the Msg
must be less
than byte_size(N)11
if
rsa_pkcs1_padding
is used, byte_size(N)41
if
rsa_pkcs1_oaep_padding
is used and byte_size(N)
if rsa_no_padding
is used.
Where byte_size(N) is the size part of an Mpint1
.
rsa_private_decrypt(ChipherText, PrivateKey, Padding) > PlainText
ChipherText = binary()
PrivateKey = [E, N, D]
E, N, D = Mpint
Padding = rsa_pkcs1_padding  rsa_pkcs1_oaep_padding  rsa_no_padding
PlainText = binary()
E
is the public exponent, N
is public modulus and
D
is the private exponent.Decrypts the ChipherText
(usually a session key encrypted with
rsa_public_encrypt/3)
using the PrivateKey
and returns the
message. The Padding
is the padding mode that was
used to encrypt the data,
see rsa_public_encrypt/3.
rsa_private_encrypt(PlainText, PrivateKey, Padding) > ChipherText
PlainText = binary()
PrivateKey = [E, N, D]
E, N, D = Mpint
Padding = rsa_pkcs1_padding  rsa_no_padding
ChipherText = binary()
E
is the public exponent, N
is public modulus and
D
is the private exponent.Encrypts the PlainText
using the PrivateKey
and returns the cipher. The Padding
decides what padding mode is used,
rsa_pkcs1_padding
is PKCS #1 v1.5 currently the most
used mode.
The size of the Msg
must be less than byte_size(N)11
if
rsa_pkcs1_padding
is used, and byte_size(N)
if rsa_no_padding
is used. Where byte_size(N) is the size part of an Mpint1
.
rsa_public_decrypt(ChipherText, PublicKey, Padding) > PlainText
ChipherText = binary()
PublicKey = [E, N]
E, N = Mpint
Padding = rsa_pkcs1_padding  rsa_no_padding
PlainText = binary()
E
is the public exponent and N
is public modulusDecrypts the ChipherText
(encrypted with
rsa_private_encrypt/3)
using the PrivateKey
and returns the
message. The Padding
is the padding mode that was
used to encrypt the data,
see rsa_private_encrypt/3.
dss_sign(Data, Key) > Signature
dss_sign(DigestType, Data, Key) > Signature
DigestType = sha  none (default is sha)
Data = Mpint  ShaDigest
Key = [P, Q, G, X]
P, Q, G, X = Mpint
ShaDigest = binary() with length 20 bytes
Signature = binary()
P
, Q
and G
are the dss
parameters and X
is the private key.Creates a DSS signature with the private key Key
of a digest.
If DigestType
is 'sha', the digest is calculated as SHA1 of Data
.
If DigestType
is 'none', Data
is the precalculated SHA1 digest.
dss_verify(Data, Signature, Key) > Verified
dss_verify(DigestType, Data, Signature, Key) > Verified
Verified = boolean()
DigestType = sha  none
Data = Mpint  ShaDigest
Signature = Mpint
Key = [P, Q, G, Y]
P, Q, G, Y = Mpint
ShaDigest = binary() with length 20 bytes
P
, Q
and G
are the dss
parameters and Y
is the public key.Verifies that a digest matches the DSS signature using the public key Key
.
If DigestType
is 'sha', the digest is calculated as SHA1 of Data
.
If DigestType
is 'none', Data
is the precalculated SHA1 digest.
rc2_cbc_encrypt(Key, IVec, Text) > Cipher
Key = Text = iolist()  binary()
Ivec = Cipher = binary()
Encrypts Text
according to RC2 in CBC mode.
rc2_cbc_decrypt(Key, IVec, Cipher) > Text
Key = Text = iolist()  binary()
Ivec = Cipher = binary()
Decrypts Cipher
according to RC2 in CBC mode.
rc4_encrypt(Key, Data) > Result
Key, Data = iolist()  binary()
Result = binary()
Encrypts the data with RC4 symmetric stream encryption. Since it is symmetric, the same function is used for decryption.
dh_generate_key(DHParams) > {PublicKey,PrivateKey}
dh_generate_key(PrivateKey, DHParams) > {PublicKey,PrivateKey}
DHParameters = [P, G]
P, G = Mpint
PublicKey, PrivateKey = Mpint()
P
is the shared prime number and G
is the shared generator.Generates a DiffieHellman PublicKey
and PrivateKey
(if not given).
dh_compute_key(OthersPublicKey, MyPrivateKey, DHParams) > SharedSecret
DHParameters = [P, G]
P, G = Mpint
OthersPublicKey, MyPrivateKey = Mpint()
SharedSecret = binary()
P
is the shared prime number and G
is the shared generator.Computes the shared secret from the private key and the other party's public key.
exor(Data1, Data2) > Result
Data1, Data2 = iolist()  binary()
Result = binary()
Performs bitwise XOR (exclusive or) on the data supplied.
DES in CBC mode
The Data Encryption Standard (DES) defines an algorithm for encrypting and decrypting an 8 byte quantity using an 8 byte key (actually only 56 bits of the key is used).
When it comes to encrypting and decrypting blocks that are multiples of 8 bytes various modes are defined (NIST SP 80038A). One of those modes is the Cipher Block Chaining (CBC) mode, where the encryption of an 8 byte segment depend not only of the contents of the segment itself, but also on the result of encrypting the previous segment: the encryption of the previous segment becomes the initializing vector of the encryption of the current segment.
Thus the encryption of every segment depends on the encryption key (which is secret) and the encryption of the previous segment, except the first segment which has to be provided with an initial initializing vector. That vector could be chosen at random, or be a counter of some kind. It does not have to be secret.
The following example is drawn from the old FIPS 81 standard (replaced by NIST SP 80038A), where both the plain text and the resulting cipher text is settled. The following code fragment returns `true'.
Key = <<16#01,16#23,16#45,16#67,16#89,16#ab,16#cd,16#ef>>, IVec = <<16#12,16#34,16#56,16#78,16#90,16#ab,16#cd,16#ef>>, P = "Now is the time for all ", C = crypto:des_cbc_encrypt(Key, IVec, P), % Which is the same as P1 = "Now is t", P2 = "he time ", P3 = "for all ", C1 = crypto:des_cbc_encrypt(Key, IVec, P1), C2 = crypto:des_cbc_encrypt(Key, C1, P2), C3 = crypto:des_cbc_encrypt(Key, C2, P3), C = <<C1/binary, C2/binary, C3/binary>>, C = <<16#e5,16#c7,16#cd,16#de,16#87,16#2b,16#f2,16#7c, 16#43,16#e9,16#34,16#00,16#8c,16#38,16#9c,16#0f, 16#68,16#37,16#88,16#49,16#9a,16#7c,16#05,16#f6>>, <<"Now is the time for all ">> == crypto:des_cbc_decrypt(Key, IVec, C).
The following is true for the DES CBC mode. For all
decompositions P1 ++ P2 = P
of a plain text message
P
(where the length of all quantities are multiples of 8
bytes), the encryption C
of P
is equal to C1 ++
C2
, where C1
is obtained by encrypting P1
with
Key
and the initializing vector IVec
, and where
C2
is obtained by encrypting P2
with Key
and the initializing vector last8(C1)
,
where last(Binary)
denotes the last 8 bytes of the
binary Binary
.
Similarly, for all decompositions C1 ++ C2 = C
of a
cipher text message C
(where the length of all quantities
are multiples of 8 bytes), the decryption P
of C
is equal to P1 ++ P2
, where P1
is obtained by
decrypting C1
with Key
and the initializing vector
IVec
, and where P2
is obtained by decrypting
C2
with Key
and the initializing vector
last8(C1)
, where last8(Binary)
is as above.
For DES3 (which uses three 64 bit keys) the situation is the same.