Can I do AES-128-ECB encryption with Libsodium?

2
votes

I need to encrypt a block of data using AES-128-ECB and would like to do so with libsodium and Ruby. I have prototyped a solution in Ruby using OpenSSL APIs as shown below:

aes = OpenSSL::Cipher::Cipher.new("AES-128-ECB")
aes.encrypt
aes.key = key
aes.update(data) + aes.final

This works, but I need other features from libsodium, so I would like to use it instead and get rid of my dependency on OpenSSL. Unfortunately, I don't see any APIs for ECB mode. I am also using the ruby wrapper RbNaCl, but I don't even see any way to do this using the base libsodium APIs. I do see ones for AES-128-CTR.

Is it possible to encrypt AES-128-ECB with libsodium?

1
rubyaeslibsodium
I don't think you can, because libsodium seems to expose only AES-128-CTR as a primitive. If it would expose AES directly that it would be easy to implement it yourself.Artjom B.

1 Answers

7
votes

libsodium intentionally doesn't support the ECB mode.

In this mode, the same block encrypted twice produces the same ciphertext twice.

A classic illustration of why this is terrible from a security perspective is the ECB penguin.

Instead of providing many primitives, modes and parameters to choose from, with many combinations actually being insecure, libsodium provides a cherry-picked set of secure constructions.

AES-ECB is not one of them, and will never be for the reasons stated above.

You really should switch to a different construction.