Forum Discussion
Kevin_Stewart
Mar 14, 2008, Employee
AES functions
Hello Devcentral gurus,
Does anyone know the specifics of the AES functions and how they work? Specifically, look at the following code snippet:
set testkey "test"
set testdat...
JCohen
Jul 08, 2011, Ret. Employee
I know this is an old thread, but I wanted to answer the question from Scott about the key length above for anyone else landing here.
The AES::key command generates an object represented as a list with 3 elements, or as a string in the format "AES (128 | 192 | 256) <32, 48, 64 HEX digits respectively>".
when RULE_INIT {
    set secret_key [AES::key 128]
    log local0. " of chars of key is [string length $secret_key]"
    log local0. "Key as list: [list $secret_key]"
    log local0. "Key as string: $secret_key"
}
Jul 8 06:01:51 info tmm1[4989]: Rule aes-key : of chars of key is 40
Jul 8 06:01:51 info tmm1[4989]: Rule aes-key : Key as list: {AES 128 679152125086aacfbc35ef2b1ede5abf}
Jul 8 06:01:51 info tmm1[4989]: Rule aes-key : Key as string: AES 128 679152125086aacfbc35ef2b1ede5abf
When specifying a key to the AES::encrypt or AES::decrypt commands it can either be a key object as generated by AES::key or a passphrase. If you generate a key using AES::key (or a string with the correct format) it will use that key for encryption and decryption.
A string that does not match the above format will be interpreted as a passphrase and will be used (along with a random salt) to generate a key. This is where AES::decrypt is affected by ID224113.
So the extra 8 bytes you see in the string length is the "AES 128 " part of the string.
Hope this helps.
Jason
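The format rule described in the reply above, written as a plain Tcl check that can be run in tclsh before a key string is placed in an iRule. This is an added example, not code from the thread or from F5; `classify_aes_key` is a hypothetical helper, and how strictly BIG-IP itself matches the format (hex case, wrong digit counts) is an assumption not shown on the page.

```tcl
# Added example: classify a string the way the reply describes the
# AES::encrypt / AES::decrypt key argument being interpreted.
# classify_aes_key is a hypothetical name; it does not call any AES:: command.
proc classify_aes_key {s} {
    # Key-object format from the reply: "AES <128|192|256> <hex digits>"
    if {![regexp {^AES (128|192|256) ([0-9A-Fa-f]+)$} $s -> bits hex]} {
        return [list passphrase "does not match the key format; handled as a passphrase"]
    }
    # One hex digit carries 4 bits: 32, 48 or 64 digits respectively.
    set want [expr {$bits / 4}]
    set got  [string length $hex]
    if {$got != $want} {
        # Looks like a key object but the digit count disagrees with the
        # declared size. Per the reply's rule this is not the key format, so
        # it is flagged separately instead of being reported as a usable key.
        return [list malformed "AES $bits needs $want hex digits, found $got"]
    }
    return [list key "AES-$bits key object, used directly as the key"]
}

# Sample inputs: the key logged in the reply, the passphrase-style value
# from the question, and a constructed string whose size and length disagree.
foreach s {
    "AES 128 679152125086aacfbc35ef2b1ede5abf"
    "test"
    "AES 256 679152125086aacfbc35ef2b1ede5abf"
} {
    set result [classify_aes_key $s]
    puts [format "%-10s %2d chars  %s" \
        [lindex $result 0] [string length $s] [lindex $result 1]]
}
```

A value reported as `passphrase` or `malformed` when a fixed key was intended is worth catching before deployment, because per the reply such a string goes through the passphrase path with a random salt and not the direct-key path.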