dtj4307 2014-08-13 15:46
Views: 340

AES128 without an IV

I am trying to decipher some AES128 data that does not have the IV. Go provides an easy way to decipher with an IV, but I cannot figure out how to go about not using the IV. So here is what I have so far:

package main

import (
    "crypto/aes"
    "fmt"
)

func main() {
    // key and data are placeholders added so the fragment compiles; the
    // original post does not show where they come from.
    key := []byte("0123456789abcdef")   // 16 bytes selects AES-128
    data := make([]byte, 2*aes.BlockSize) // the ciphertext to be decrypted

    block, err := aes.NewCipher(key)
    if err != nil {
        panic(err)
    }

    if len(data)%aes.BlockSize != 0 {
        panic("ciphertext is not a multiple of the block size")
    }

    // block is created but not yet used: this is where the question stops.
    _ = block
    fmt.Printf("Deciphered:\n%s\n", data)
}

So I am struggling to figure out how to decipher using the block.

Thanks...


1 answer

  • doucang8303 2014-08-13 16:44

    I'm assuming you're using CBC here, but CFB mode should work the same.

    Note that since the IV isn't considered secret, it's often prepended to the ciphertext itself for convenience.

    Because of the way these modes handle the IV, if you use the incorrect IV you only lose the first block of plaintext. If the actual IV is there, you end up decrypting random data at the beginning of your plaintext output, so it doesn't hurt to simply try to decrypt it with an empty IV. Without the original IV though, you cannot get back that first block (short of using brute-force).

    Example

    package main

    import (
        "crypto/aes"
        "crypto/cipher"
        "crypto/rand"
        "fmt"
        "io"
    )

    func main() {
        key := []byte("YELLOW SUBMARINE")
        plaintext := []byte("exampleplaintext that is longer than a single block and some pad")

        if len(plaintext)%aes.BlockSize != 0 {
            panic("plaintext not multiple of block size")
        }

        block, err := aes.NewCipher(key)
        if err != nil {
            panic(err)
        }

        // The IV needs to be unique, but not secret. Therefore it's common to
        // include it at the beginning of the ciphertext.
        ciphertext := make([]byte, aes.BlockSize+len(plaintext))
        iv := ciphertext[:aes.BlockSize]
        if _, err := io.ReadFull(rand.Reader, iv); err != nil {
            panic(err)
        }

        mode := cipher.NewCBCEncrypter(block, iv)
        mode.CryptBlocks(ciphertext[aes.BlockSize:], plaintext)
        fmt.Printf("%x\n", ciphertext)

        // Now decrypt with the wrong IV (all zero bytes).
        iv = make([]byte, aes.BlockSize)

        // If you wanted the correct IV, in this case we could pull it from the ciphertext:
        //iv = ciphertext[:aes.BlockSize]
        //ciphertext = ciphertext[aes.BlockSize:]

        if len(ciphertext)%aes.BlockSize != 0 {
            panic("ciphertext is not a multiple of the block size")
        }

        // Only the first output block (the decryption of the prepended IV block)
        // comes out as garbage; everything after it is the original plaintext.
        mode = cipher.NewCBCDecrypter(block, iv)
        newPlaintext := make([]byte, len(ciphertext))
        mode.CryptBlocks(newPlaintext, ciphertext)

        fmt.Printf("%s\n", newPlaintext)
    }
    
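The two claims in the answer (a wrong IV corrupts only the first CBC block, and that block cannot be recovered without the IV) can be checked directly. The following is an added example, not code from the original post or answer; the key, IV and three-block plaintext are constructed sample values, and the function names are arbitrary. It also covers the one shortcut the answer leaves out: in CBC, P1 = D(C1) XOR IV, so if the first plaintext block is known (a fixed file header, a magic string) the IV follows by a single XOR and the whole message can be decrypted, no brute force needed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// Constructed sample inputs (not from the original post). The IV is fixed so
// the example is deterministic; in real use it must be fresh per message.
var (
	sampleKey       = []byte("YELLOW SUBMARINE") // 16 bytes selects AES-128
	sampleIV        = []byte("0123456789abcdef")
	samplePlaintext = []byte("block one here!!block two here!!block three!!!!!") // 48 bytes = 3 blocks
)

// cbcEncrypt encrypts a block-aligned plaintext with AES-CBC under the given IV.
func cbcEncrypt(key, iv, plaintext []byte) ([]byte, error) {
	if len(plaintext)%aes.BlockSize != 0 {
		return nil, fmt.Errorf("plaintext length %d is not a multiple of %d", len(plaintext), aes.BlockSize)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(plaintext))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, plaintext)
	return out, nil
}

// cbcDecrypt decrypts with whatever IV the caller supplies. A wrong IV only
// corrupts the first block: for i > 1, P_i = D(C_i) XOR C_{i-1}, and the IV
// enters the chain only as C_0.
func cbcDecrypt(key, iv, ciphertext []byte) ([]byte, error) {
	if len(ciphertext)%aes.BlockSize != 0 {
		return nil, fmt.Errorf("ciphertext length %d is not a multiple of %d", len(ciphertext), aes.BlockSize)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(ciphertext))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, ciphertext)
	return out, nil
}

// recoverIV derives the IV from a known first plaintext block:
// P_1 = D(C_1) XOR IV  =>  IV = D(C_1) XOR P_1.
func recoverIV(key, firstCipherBlock, firstPlainBlock []byte) ([]byte, error) {
	if len(firstCipherBlock) != aes.BlockSize || len(firstPlainBlock) != aes.BlockSize {
		return nil, fmt.Errorf("need exactly one %d-byte block each", aes.BlockSize)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	dec := make([]byte, aes.BlockSize)
	block.Decrypt(dec, firstCipherBlock) // raw single-block AES decryption, no chaining
	iv := make([]byte, aes.BlockSize)
	for i := range iv {
		iv[i] = dec[i] ^ firstPlainBlock[i]
	}
	return iv, nil
}

func main() {
	ct, err := cbcEncrypt(sampleKey, sampleIV, samplePlaintext)
	if err != nil {
		panic(err)
	}

	// Decrypt with an all-zero IV: block 1 is garbage, blocks 2..n are intact.
	pt, err := cbcDecrypt(sampleKey, make([]byte, aes.BlockSize), ct)
	if err != nil {
		panic(err)
	}
	fmt.Printf("first block intact:   %v\n", bytes.Equal(pt[:aes.BlockSize], samplePlaintext[:aes.BlockSize]))
	fmt.Printf("later blocks intact:  %v\n", bytes.Equal(pt[aes.BlockSize:], samplePlaintext[aes.BlockSize:]))

	// With a known first plaintext block the IV falls out directly.
	iv, err := recoverIV(sampleKey, ct[:aes.BlockSize], samplePlaintext[:aes.BlockSize])
	if err != nil {
		panic(err)
	}
	fmt.Printf("recovered IV matches: %v\n", bytes.Equal(iv, sampleIV))
}
```

The same reasoning applies to the "IV prepended to the ciphertext" layout from the answer: decrypting the whole buffer with a zero IV yields one garbage block followed by the plaintext, which is exactly what slicing off the first output block or the first input block recovers.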
