logos-storage-docs-obsidian/10 Notes/How to encrypt and decrypt content using symmetric encryption in BearSSL.md

We show how to use symmetric encryption in BearSSL to encrypt and decrypt the content. This is a very basic code demonstrating the use of the BearSSL symmetric encryption API. In Codex Encryption Design we show a more complete example. In the code below we also use BearSSL to generate a random number. See How to generate a random number using BearSSL for more details:

import std/sequtils
import bearssl/blockx
import stew/byteutils

import ./rng

const
  KeySize = 24 # 192 bits for AES-192
  IvSize = 16  # fixed - 128 bits - notice that the length og the content to be 
               # encrypted/decrypted must be multiply of 16

var plaintext = "0123456789abcdef".toBytes
echo "plaintext: ", plaintext.toHex

let key = newSeqWith(KeySize, Rng.instance.rand(uint8.high).byte)
let ive = newSeqWith(IvSize, Rng.instance.rand(uint8.high).byte)
let ivd = ive

echo "ive: ", ive.toHex

var encCtx: AesBigCbcencKeys
aesBigCbcencInit(encCtx, addr key[0], 16.uint)
aesBigCbcencRun(encCtx, addr ive[0], addr plaintext[0], plaintext.len.uint)
echo "Encrypted: ", plaintext.toHex

echo "ivd: ", ivd.toHex

var decCtx: AesBigCbcdecKeys
aesBigCbcdecInit(decCtx, addr key[0], 16.uint)
aesBigCbcdecRun(decCtx, addr ivd[0], addr plaintext[0], plaintext.len.uint)
echo "Decrypted: ", plaintext.toHex

As stated in the comment, the following note must be emphasized:

Note

The size of the IV vector must be 16 bytes long. The data to be encrypted or decrypted must have length that is multiple of 16

Also important to notice is that aesBigCbcencRun will mutate the provided initialization vector IV so that it is ready to be used for the subsequent chunk of data - a classical CBC mode for AES.