The generic block cipher functions allow the block cipher algorithm and
mode to be specified
either by a strAlgAndMode string or by using the nOptions flags, but not both.
The algorithm-and-mode parameter string combines the name of the block cipher algorithm and the mode, for example "tdea-cbc"
or "aes128-ctr". Only Triple DES (TDEA) and the three AES algorithms (AES-128, AES-192 and AES-256) are provided with
the generic cipher functions.
Valid algorithm names are:
| Value | Algorithm | Option |
|---|---|---|
| tdea | Triple DES, a.k.a. 3DES, des-ede3 | API_BC_TDEA |
| aes128 | AES-128 | API_BC_AES128 |
| aes192 | AES-192 | API_BC_AES192 |
| aes256 | AES-256 | API_BC_AES256 |
Valid mode names are:
| Value | Mode | Option |
|---|---|---|
| ecb | Electronic Code Book mode (default) | API_MODE_ECB |
| cbc | Cipher Block Chaining mode | API_MODE_CBC |
| ofb | Output Feedback mode | API_MODE_OFB |
| cfb | 64-bit Cipher Feedback mode | API_MODE_CFB |
| ctr | Counter mode | API_MODE_CTR |
Some examples of valid string values for the strAlgAndMode parameter are:
| strAlgAndMode | Description | Alternative Option value |
|---|---|---|
| tdea-cbc | Triple DES in CBC mode | API_BC_TDEA+API_MODE_CBC |
| tdea-ecb | Triple DES in ECB mode | API_BC_TDEA+API_MODE_ECB |
| tdea | ditto (ECB is default mode) | API_BC_TDEA |
| aes128-cbc | AES-128 in CBC mode | API_BC_AES128+API_MODE_CBC |
| aes256-ctr | AES-256 in Counter mode | API_BC_AES2568+API_MODE_CTR |
Punctuation and space characters and upper- and lower-case are ignored in the strAlgAndMode string, so
"tdea-cbc",
"TDeA---cBc",
"tdea cbc", and
"TDEACBC" are equivalent
(as indeed is
"t*D$e^A c@b!C!!").
And, OK, you can use the synonyms "3des", "des-ede" or "des-ede3" in place of "tdea".
It is an error to use both the strAlgAndMode and nOptions parameters to specify the algorithm and mode. The cipher algorithm must be explicitly specified: there is no default algorithm. The default cipher mode is ECB mode, which is not recommended because of security issues. It is recommended to use either CBC or CTR mode with an IV value that is unique each time it is used with a given key.