In AES, my understanding is that salt is the stuff to make the passphrase more secure and it wont be added into encrypted text. But IV is the stuff used to encrypt the first block of message and will be added into the encrypted text.
Do I get anything wrong?
Answer
AES itself does not directly use a salt (or indeed, an IV).
A situation when you might use a salt in combination with AES is when you are using Password Based Encryption (PBE). In this scheme, a human-memorizable password is used, in combination with a salt, to generate an AES key. A salt is used so that the same password does not always generate the same key; however, because the recipient must be able to generate the correct key, the salt must be transmitted along with the encrypted data.
An IV is required if you are using AES in certain block cipher modes, like CBC. In this case, it used to ensure that the same plaintext data under the same key does not always encrypt to the same ciphertext. Again, the IV is required by the recipient to correctly decrypt the data, so it must be transmitted along with the encrypted data.
So, if you are using PBE with AES in CBC mode as the underlying cipher, you would expect to have to send both a PBE salt and a CBC IV along with the encrypted data.