Create a ticket
Sign in Sign up
Locker support Locker support

No results found.

Home Locker Whitepaper Security Fundamentals AES-256-CBC Encryption
Vietnamese English
AES-256-CBC Encryption

AES-256-CBC (Cipher Block Chaining), the algorithm used to encrypt Vault, is a standard cryptographic algorithm and is used by the US government and other government agencies worldwide to protect top-secret data. With proper implementation and strong enough Encryption Keys (from a user’s Master Password), the AES-256-CBC algorithm is proven unbreakable.

Notion image
Notion image

AES-256-CBC is an encryption system using AES specifications with key KK of 256-bit length, and is in the CBC mode of operation. The input data is stretched and divided in to blocks PiP_i of fixed length, then

  1. With block P1P_1, perform XORXOR operation on P1P_1 with initialization vector VIVI:
    1. PP1=P1VI{PP}_1=P_1⊕VI

  1. Encrypt the result PP1{PP}_1 from step 1 with AESAES and key KK:
    1. C1=AESE(PP1,K)C_1=AES_E({PP}_1, K)

  1. From block P2P_2 onward, PiP_i is XORXOR-ed with the encrypted output of the previous block:
    1. PPi=PiCi1{PP}_i=P_i⊕C_{i-1}

      Ci=AESE(PPi,K)C_i=AES_E({PP}_i, K)

  1. The cipher text blocks CiC_i are concatenated into the final cipher text:
    1. C=C1C2...C=C_1||C_2||...

The decryption process has a reversed flow with cipher text CC being divided into blocks CiC_i.

  1. Decrypt block C1C_1 with AESAES and key KK:
    1. PP1=AESD(C1,K){PP}_1=AES_D(C_1, K)

  1. Perform XORXOR operation on PP1{PP}_1 with initialization vector VIVI to retrieve plaintext block P1P_1:
    1. P1=PP1VI{P}_1={PP}_1⊕VI

  1. From block C2C_2 onward, PPi{PP}_i is XORXOR-ed with the decrypted output of the previous block:
    1. PPi=AESD(Ci,K){PP}_i=AES_D(C_i,K)


  1. The decrypted plaintext blocks PiP_i are concatenated to restore the original plaintext:
    1. P=P1P2...P=P_1||P_2||...

Was this page helpful?
Join Our Community