0

Let's say you have an encryption algorithm that uses PKCS5 padding. You input 'secret message', which is 14 characters long, but for some reason or another the algorithm needs it to be 16 characters long. So you add on two bytes that are equal to 2 at the end.

Then when you decrypt it, you just look at the last byte and take that many off for the end result. But how would you be able to tell if there was no padding in the first place? I'm just a noob so be nice please. Thanks in advance!

Guest
  • 1
  • If you don't know the length a-priori (as you do eg for MACs), you always pad. – SEJPM Feb 09 '21 at 21:37
  • So in the example I gave, if you always padded, how much would you pad? – Guest Feb 09 '21 at 21:39
  • It is part of your protocol that mentions the used padding otherwise by looking at only one output you may not decide.

    For example,

    • You get a message, decrypt it, and check, can you guarantee that if the message ends with byte 01 is the padding of PKCS#7 (PKCS#7 > PKCS#5) or not?

    • Keep it aside, you get another message, decrypt it, and check, it fits more into PKCS#7, then your belief increased.

     – kelalaka Feb 09 '21 at 21:41
  • are you asking how to unpaid or how the PKCS#7 padding is working? – kelalaka Feb 09 '21 at 21:42
  • how to unpad, and how to determine if no padding was used – Guest Feb 09 '21 at 21:43
  • What was k in your answer? – Guest Feb 09 '21 at 21:55
  • It is the value of the last byte (octet), it must be repeated k times, like x...xx22, x...xx333, xx...x4444, and so on. – kelalaka Feb 09 '21 at 22:00
  • Thank you for the help. – Guest Feb 09 '21 at 22:03
  • Kind of, but I still don't understand how you can tell if there is no padding. – Guest Feb 09 '21 at 22:11
  • So if it was a 16 character input you would just pad on 16 characters of padding? – Guest Feb 09 '21 at 22:14
  • You need to look at the protocol or the code. PKCS#7 padding is not random padding. It has a regular structure that helps to distinguish it from normal text. If you have 16 bytes for AES, then you need to encrypt another full AES block that contains 16 0x10 byte values. Padding should not be ambiguous. – kelalaka Feb 09 '21 at 22:57

0 Answers0