> ## Documentation Index
> Fetch the complete documentation index at: https://support.locker.io/llms.txt
> Use this file to discover all available pages before exploring further.

# AES-256-CBC Encryption

> Introduction to the AES-256-CBC encryption algorithm and how Locker applies it to protect user data

## AES-256-CBC Encryption Algorithm

AES-256-CBC (Cipher Block Chaining), the algorithm used to encrypt user data, is a standard cipher implemented by the United States government and other government agencies around the world to protect classified data. With proper implementation and a sufficiently strong Encryption Key (derived from the user's Master Password), the AES-256-CBC algorithm is considered unbreakable.

AES-256-CBC is an encryption system that uses the AES specification, a 256-bit key $K$, and operates in CBC mode. The input data is padded and divided into fixed-length blocks $P_i$, where

<img src="https://mintcdn.com/locker/RN2-OO7uarVxuthM/images/en/locker-whitepaper/security-fundamentals/aes_encrypt.png?fit=max&auto=format&n=RN2-OO7uarVxuthM&q=85&s=895f084015e6d4dcd4471dae51420e2b" alt="AES-256-CBC Encryption Diagram" width="1190" height="680" data-path="images/en/locker-whitepaper/security-fundamentals/aes_encrypt.png" />

1. For block $P_1$, perform an $XOR$ operation with $P_1$ and the initialization vector $VI$:

   $PP_1 = P_1 \oplus VI$

2. Encrypt the result $PP_1$ from step 1 using $AES$ with key $K$:

   $C_1 = AES_E(PP_1, K)$

3. From block $P_2$ onward, $P_i$ is $XOR$-ed with the encrypted result of the previous block:

   $PP_i = P_i \oplus C_{i-1}$

   $C_i = AES_E(PP_i, K)$

4. The encrypted blocks $C_i$ are concatenated to form the final encrypted data:

   $C = C_1 \| C_2 \| ...$

The decryption process occurs in reverse, where the encrypted data $C$ is divided into blocks $C_i$.

<img src="https://mintcdn.com/locker/RN2-OO7uarVxuthM/images/en/locker-whitepaper/security-fundamentals/aes_decrypt.png?fit=max&auto=format&n=RN2-OO7uarVxuthM&q=85&s=a8219c17b266ee713f586d6d0bd4b2c8" alt="AES-256-CBC Decryption Diagram" width="1190" height="686" data-path="images/en/locker-whitepaper/security-fundamentals/aes_decrypt.png" />

1. Decrypt block $C_1$ using $AES$ with key $K$:

   $PP_1 = AES_D(C_1, K)$

2. Perform an $XOR$ operation with $PP_1$ and the initialization vector $VI$ to recover the original data block $P_1$:

   $P_1 = PP_1 \oplus VI$

3. From block $C_2$ onward, $PP_i$ is $XOR$-ed with the decrypted data of the previous block:

   $PP_i = AES_D(C_i, K)$

   $P_i = PP_i \oplus C_{i-1}$

4. The decrypted data blocks $P_i$ are concatenated to reconstruct the original data:

   $P = P_1 \| P_2 \| ...$
