2

Due to some platform restrictions our decryption algorithm can only handle up to 1 million bytes. The string we receive is larger, having been generated by AES in cipher block chaining (CBC) mode, with PKCS5 padding.

Is it possible to somehow split the encrypted data and decrypt the parts?

Cryptographeur
  • 4,317
  • 2
  • 27
  • 40
h9nry
  • 123
  • 4

1 Answers1

5

Absolutely. The key point is that, whilst in CBC mode, the encryption can be thought of as using the previous ciphertext as the IV - have a look at this diagram from wikipedia: CBC decryption

I assume from what you've said that you have a function that will "do" AES-CBC decryption on large amounts of data, and you wish to use this. So, you simply run: $$ D_k^{IV}(c_1\ ||c_2\ ||\dots||c_n\ ) = m_1\ ||m_2\ ||\dots||m_n\ \\ D_k^{c_n}(c_{n+1}||c_{n+2}||\dots||c_{2n}) = m_{n+1}||m_{n+2}||\dots||m_{2n} $$

That is, wherever you 'break' the flow from the CBC output, you simply use the previous ciphertext as the IV to start the next section.

Cryptographeur
  • 4,317
  • 2
  • 27
  • 40
  • Im trying to do this because of a platform limitation But for Encryption. But here is my problem. After the first 16bytes is encrypted the result is 32bytes... so i cannot pass it as an IV for the next iteration. any help ? – spaceMonkey May 15 '17 at 10:16