I have a function that encrypts my key text input from the user using AES and decrypts it on request. What is an ideal way to maintain the key and IV for AES encryption (as of now hard-coded in the application)? I save the encrypted data every time in the database. On page load the encrypted value is retrieved from the database. This value is decrypted on a button click. Is there a better way I could use the key and IV?
1 Answer
5 votes
The IV can be saved (or can even be "exposed"/transmitted publicly); it is no 'secret'. The key should be kept private. So you could save/transmit your data like <iv_here>;<encrypted_data_here>.
See Wikipedia:
An initialization vector (IV) is a block of bits that is used by several modes to randomize the encryption and hence to produce distinct ciphertexts even if the same plaintext is encrypted multiple times, without the need for a slower re-keying process.
An initialization vector has different security requirements than a key, so the IV usually does not need to be secret. However, in most cases, it is important that an initialization vector is never reused under the same key.
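The storage scheme described in the answer above, as an added example that is not part of the original answer: each record gets a fresh random IV saved next to the ciphertext as `<iv>;<encrypted_data>`, while the key comes from configuration instead of the source code. It assumes Node.js and AES-256-GCM (the page only says "AES"); the environment variable name `FIELD_ENC_KEY` is hypothetical.

```javascript
// Added example: AES-256-GCM, fresh random IV per record, stored as "<iv>;<data>".
const nodeCrypto = require("node:crypto");

const IV_LEN = 12;  // 96-bit IV, the size GCM is designed around
const TAG_LEN = 16; // GCM authentication tag, appended to the ciphertext

// Read the key from configuration kept outside the source tree.
// FIELD_ENC_KEY is a hypothetical variable name holding 64 hex characters.
function loadKey(env) {
  const hex = env.FIELD_ENC_KEY || "";
  if (!/^[0-9a-fA-F]{64}$/.test(hex)) {
    throw new Error("FIELD_ENC_KEY must be 32 bytes encoded as hex");
  }
  return Buffer.from(hex, "hex");
}

// Returns "<iv>;<ciphertext||tag>" (both base64): the value saved in the database.
function encryptField(key, plaintext) {
  const iv = nodeCrypto.randomBytes(IV_LEN); // new IV on every call, never reused under this key
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  const body = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final(), cipher.getAuthTag()]);
  return iv.toString("base64") + ";" + body.toString("base64");
}

// Parses a stored record and decrypts it; throws on malformed or modified data.
function decryptField(key, stored) {
  const parts = stored.split(";");
  if (parts.length !== 2) throw new Error("malformed record");
  const iv = Buffer.from(parts[0], "base64");
  const body = Buffer.from(parts[1], "base64");
  if (iv.length !== IV_LEN || body.length < TAG_LEN) throw new Error("malformed record");
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, iv);
  decipher.setAuthTag(body.subarray(body.length - TAG_LEN));
  const ct = body.subarray(0, body.length - TAG_LEN);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
}

// Constructed demo: a throwaway random key stands in for the configured one.
const demoKey = loadKey({ FIELD_ENC_KEY: nodeCrypto.randomBytes(32).toString("hex") });
const recordA = encryptField(demoKey, "user secret");
const recordB = encryptField(demoKey, "user secret");
console.log(recordA !== recordB, decryptField(demoKey, recordA));
```

The same plaintext produces a different stored value on each call because the IV differs, which is the property the quoted passage describes.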