Infoencrypt uses AES 128 encryption with a random IV. PBKDF2 (HMAC SHA1, 1000 iterations) is applied to the password. The result is signed with HMAC MD5 for verification and then encoded using Base64.
It's a very common and secure configuration. Most cryptography tools support this scheme, so you will be able to decrypt your message even without Infoencrypt by using other tools.
Initialization vector (IV)
Just a random value used to initialize encryption, so that the result is unique even if the same input and password are used.
The encryption key is derived from the password using PBKDF2 with the following parameters:
- 128 bit
- HMAC SHA1
- MD5 of 'www.infoencrypt.com' as salt (to reduce the ability to use precomputed hashes, i.e. 'rainbow tables')
- 1000 iterations
One important point here: we also apply MD5 to the input password (which can be any UTF-8 string) before using PBKDF2. We found that some implementations of PBKDF2 don't support non-ASCII characters out of the box, so we settled on this as a common baseline.
PBKDF2 makes it much harder to brute force your password, because it significantly increases the time needed to prepare each candidate key for decryption.
We use the standard Advanced Encryption Standard (AES) with a 128-bit block length, CBC for block chaining, and PKCS5 for padding.
AES became effective as a federal government standard on May 26, 2002 after approval by the Secretary of Commerce. AES is included in the ISO/IEC 18033-3 standard. AES is available in many different encryption packages, and is the first publicly accessible and open cipher approved by the National Security Agency (NSA) for top secret information when used in an NSA approved cryptographic module.
The first 128 bits of the output are the HMAC MD5 digest of the encrypted data (not the original message); it is used during the decryption phase to validate that the encrypted message is not corrupted.
The secret key is simply `infoencrypt.com,AES,128b` in binary representation ([0x69, 0x6e, 0x66, 0x6f, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x41, 0x45, 0x53, 0x2c, 0x31, 0x32, 0x38, 0x62])
The output is simply Base64-encoded binary data, suitable for emails, web, etc.
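The key derivation and digest check described above, as an added example using only the Python standard library (this is not Infoencrypt's own code). It assumes both MD5 values are used as raw 16-byte digests rather than hex strings and that the digest covers every byte after the first 16; the function names are hypothetical, and the AES-CBC step is left to a crypto library.

```python
import base64
import hashlib
import hmac

# Constants stated on the page.
HMAC_KEY = b"infoencrypt.com,AES,128b"  # published constant: detects corruption
SALT = hashlib.md5(b"www.infoencrypt.com").digest()  # assumption: raw digest, not hex


def derive_key(password: str) -> bytes:
    """MD5 the UTF-8 password, then PBKDF2-HMAC-SHA1, 1000 iterations, 128-bit key."""
    pre_hashed = hashlib.md5(password.encode("utf-8")).digest()  # assumption: raw digest
    return hashlib.pbkdf2_hmac("sha1", pre_hashed, SALT, 1000, dklen=16)


def split_and_verify(envelope_b64: str) -> bytes:
    """Check the leading 128-bit HMAC-MD5 digest and return the bytes after it."""
    raw = base64.b64decode(envelope_b64, validate=True)
    if len(raw) < 16:
        raise ValueError("message shorter than the HMAC-MD5 digest")
    tag, body = raw[:16], raw[16:]
    expected = hmac.new(HMAC_KEY, body, hashlib.md5).digest()
    # Constant-time comparison; reject before any decryption is attempted.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("HMAC-MD5 mismatch: message is corrupted")
    return body


def build_envelope(body: bytes) -> str:
    """Constructed helper for the demo: prepend the digest and Base64-encode."""
    tag = hmac.new(HMAC_KEY, body, hashlib.md5).digest()
    return base64.b64encode(tag + body).decode("ascii")


if __name__ == "__main__":
    # Constructed sample: 48 placeholder bytes standing in for the encrypted data.
    sample = build_envelope(bytes(range(48)))
    print("key:", derive_key("pässwörd").hex())
    print("verified body length:", len(split_and_verify(sample)))
```

The bytes returned by `split_and_verify` and the key from `derive_key` are the inputs to an AES-128-CBC decryption with PKCS5 padding in the library of your choice.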