Skip to content
This repository has been archived by the owner on Dec 29, 2022. It is now read-only.

AES with stronger (non-default) key size 256 generates a wrong sized byte initialization vector #43

GoogleCodeExporter opened this issue Mar 7, 2015 · 2 comments


Copy link

This is the same issue than the one observed with Java
( Type
Status Priority Milestone Owner Implementation Summary) but for Python this

Pycrypto only accepts AES IV of 16 bytes (when self.block_size is 24 or 32
bytes it fails)

Metada and key are created this way:

python create --location=/home/ookoi/kz --purpose=crypt
python addkey --location=/home/ookoi/kz --status=primary --size=256

Test code:
import keyczar

input = "ttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttt"
crypter = keyczar.Crypter.Read("/home/ookoi/kz")
ciphertext = crypter.Encrypt(input)
plaintext = crypter.Decrypt(ciphertext)
assert(input == plaintext)

Which gives:
Traceback (most recent call last):
  File "", line 5, in <module>
    ciphertext = crypter.Encrypt(input)
"/home/ookoi/Bureau/keyczar-read-only/python/src/keyczar/", line
314, in Encrypt
    return util.Encode(encrypting_key.Encrypt(data))
  File "/home/ookoi/Bureau/keyczar-read-only/python/src/keyczar/",
line 256, in Encrypt
    ciph_bytes =, AES.MODE_CBC, iv_bytes).encrypt(data)
ValueError: IV must be 16 bytes long

Original issue reported on by sebastien.martini on 12 Jan 2009 at 1:52

Copy link

Same fix. You were setting the block size equal to the length of the key, which 
be 16, 24, or 32 bytes. AES' block size is always 16. Patch attached.

Original comment by on 4 Jun 2009 at 11:05


Copy link

Fixed in rev. 417

Original comment by sebastien.martini on 4 Jun 2009 at 12:04

  • Changed state: Fixed

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
None yet

No branches or pull requests

1 participant