3
votes

I am new to cryptography. I need to encrypt a text using AES with the following configuration:

Encryption mode: GCM
Key size: 256 bits
Nonce size: 96 bits
MAC size: 128 bits

As AES is a symmetric algorithm, I have a secret key. I googled and found:

nonce is a random number used to make sure a message is unique

But I have a doubt: how can I perform decryption if the nonce is a random number? Do I need to store the nonce along with each encryption, or is there any other way? Do I need to split the nonce, cipher and MAC using the key? How can I use the provided configuration for encryption?


2 Answers

8
votes

But I have a doubt: how can I perform decryption if the nonce is a random number? Do I need to store the nonce along with each encryption?

Yes, the result of the encryption that is stored/sent is nonce, ciphertext, MAC.

How can I perform decryption if the nonce is a random number?

The nonce is randomly generated when encrypting the input and is then passed along with the ciphertext (very often the nonce is prepended as the first block). Indeed you need THE SAME nonce value when decrypting; then the nonce is part of the input for decryption, not random.

Or is there any other way? Do I need to split the nonce, cipher and MAC using the key? How can I use the provided configuration for encryption?

There is a standardized message format for encrypted documents or encrypted XML messages, but these are pretty complex.

In reality, for simpler applications, very often we see the encryption output composed as IV || ciphertext || MAC (as a concatenation). The IV and MAC have a fixed length, so you can cut them out and use them as parameters for decryption.

Decryption is happening on a different machine and in a different language. They have shared only a key for encryption; the same key they are using for decryption. If I add any random value as the nonce, then how will they know what logic I have used for the nonce?

It doesn't matter as long as you provide the same input. As already mentioned, you may pass the IV (nonce) as part of the message and, before decryption, separate the nonce from the original ciphertext.

BTW: I have a few encryption examples linked

3
votes

Precisely, the nonce must be stored with the cipher text.

Remember, the nonce being part of the cipher text doesn't give the attacker any advantage.

From Wikipedia:

An initialization vector has different security requirements than a key, so the IV usually does not need to be secret. However, in most cases, it is important that an initialization vector is never reused under the same key. For CBC and CFB, reusing an IV leaks some information about the first block of plaintext, and about any common prefix shared by the two messages.

The purpose of an initialization vector is to insert some randomness into the encryption process so that an attacker cannot know when two identical plaintext messages have been encrypted with the same key.

The IV is required for decryption; you can simply send it concatenated with the ciphertext:

IV || ciphertext

The most common way to transmit an initialization vector is, indeed, to prepend it immediately before the ciphertext.
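Both answers above describe the same wire layout: a random nonce generated by the sender, sent in the clear, and cut back out by the receiver using its fixed length. The following Go program is an added example written for this page (it is not code from either answer) that implements exactly the asker's configuration with the standard library: AES with a 256-bit key, GCM mode, a 96-bit nonce and a 128-bit MAC, framed as nonce || ciphertext || tag. The key, the associated data string and the plaintext are constructed demo values; the function names `Encrypt`, `Decrypt` and `ParseFrame` are this example's own. `ParseFrame` shows that the receiver needs no knowledge of how the nonce was generated, only of its length, and `Decrypt` shows that a modified nonce, ciphertext, tag or associated data, or a different key, is rejected rather than silently decrypted.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

const (
	keySize   = 32 // 256-bit key
	nonceSize = 12 // 96-bit nonce, the GCM default
	tagSize   = 16 // 128-bit MAC (GCM tag), the GCM default
)

// newAESGCM builds an AES-256-GCM AEAD from a 32-byte key.
func newAESGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != keySize {
		return nil, fmt.Errorf("key must be %d bytes, got %d", keySize, len(key))
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block) // 12-byte nonce, 16-byte tag
}

// Encrypt returns nonce || ciphertext || tag. The nonce is fresh random
// bytes and travels in the clear; only the key is secret.
func Encrypt(key, plaintext, aad []byte) ([]byte, error) {
	aead, err := newAESGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, nonceSize)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext||tag to its first argument, so passing the
	// nonce as dst yields nonce||ciphertext||tag in one step.
	return aead.Seal(nonce, nonce, plaintext, aad), nil
}

// Frame is the parsed wire layout.
type Frame struct {
	Nonce, Ciphertext, Tag []byte
}

// ParseFrame splits nonce || ciphertext || tag using the fixed sizes only;
// the receiver needs no key and no shared "nonce logic" to do this.
func ParseFrame(msg []byte) (Frame, error) {
	if len(msg) < nonceSize+tagSize {
		return Frame{}, errors.New("message too short to hold nonce and tag")
	}
	return Frame{
		Nonce:      msg[:nonceSize],
		Ciphertext: msg[nonceSize : len(msg)-tagSize],
		Tag:        msg[len(msg)-tagSize:],
	}, nil
}

// Decrypt parses the frame and opens it with the nonce it carries. Any
// change to nonce, ciphertext, tag or AAD, or a different key, fails
// authentication and returns an error instead of plaintext.
func Decrypt(key, msg, aad []byte) ([]byte, error) {
	aead, err := newAESGCM(key)
	if err != nil {
		return nil, err
	}
	f, err := ParseFrame(msg)
	if err != nil {
		return nil, err
	}
	// Open expects ciphertext||tag as a single slice.
	return aead.Open(nil, f.Nonce, msg[nonceSize:], aad)
}

func main() {
	key := make([]byte, keySize) // constructed demo key; use a KDF or key store in practice
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	aad := []byte("msg-type=1") // constructed authenticated header, sent in the clear
	msg, err := Encrypt(key, []byte("attack at dawn"), aad)
	if err != nil {
		panic(err)
	}
	f, _ := ParseFrame(msg)
	fmt.Println("nonce     :", hex.EncodeToString(f.Nonce))
	fmt.Println("ciphertext:", hex.EncodeToString(f.Ciphertext))
	fmt.Println("tag       :", hex.EncodeToString(f.Tag))
	pt, err := Decrypt(key, msg, aad)
	fmt.Printf("decrypted : %q (err=%v)\n", pt, err)
}
```

The receiver in another language only needs to agree on the three lengths (12, n, 16 bytes) and the order; the random nonce itself carries no secret. The second answer's caveat applies with full force here: a 96-bit nonce must never repeat under the same key, so the sender must draw it from a cryptographic RNG (as above) or use a counter, and should rotate the key well before the number of messages makes a random collision plausible.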