"Beginning Cryptography with Java" is a god-send of a book! i appreciate that authors have to be economical with the number of words they use; and that sometimes leads to the precise meanings of things being a little too subtle to grasp on a first-pass reading.
in the "Inline IVs" section of chapter 2 (pg 28) the book uses jargon ("out-of-band") that is a little ambiguous to me:
Quote:
|
quote:...the JCE assumes that the IV will be passed as an out-of-band parameter...
|
i'm assuming that the "band" referred to in this particular use of "out-of-band", translates to: "the method in which the encryption functionality is taking place". more specifically - in the context of the sample code - i'm assuming "in-band" would be the cipher.update() method; and "out-of-band" would be the cipher.init() method. have i got that right?
that same section also starts talking about "the stream" all of a sudden when it hadn't mentioned anything about a stream before:
Quote:
|
quote:...people also write the IV out at the start of the stream...
|
at first i thought it was talking about one of the java language's i/o stream classes. i was looking for the use of some i/o stream object in the sample code but there isn't any and that confused the heck out of me. so now i'm assuming "the stream" means, "the stream of bytes - in the form of byte arrays - passed into and out of cipher.update() and cipher.doFinal()". do i understand that correctly?
actually, as i type out this post it's all starting to make sense (i think)! am i right in assuming that:
Quote:
|
quote:...write the IV out at the start of the stream...
|
equates to this line in the sample code?:
Code:
int ctLength = cipher.update(ivBytes, 0, ivBytes.length, cipherText, 0);
and does:
Quote:
|
quote:...read past it before attempting to reconstruct the message...
|
equate to this line in the sample code?:
Code:
System.arraycopy(buf, ivBytes.length, plainText, 0, plainText.length);
thanks in advance for your replies.
Inline IVs - do i understand correctly?
