有弹性的城堡PKCS7填充

Question

I need help to find what is actually a padding value for this expression in Bouncy Castle java framework. Kinda not sure about the values.

encrypt(bytes, iv, secret, "AES/CBC/PKCS7Padding")

Answer 1

The padding byte used is the same as the number of padding bytes. Thus, if 11 bytes of padding are needed then that padding consists of 11 copies of the byte 0x0b. Padding is always applied, so that if the number of bytes is already a multiple of 16 then 16 bytes of padding are used, the pad byte being 0x10 in that case.

This padding scheme has the nice feature that, upon decryption, you can examine the last byte of the padded plaintext to determine how many padding bytes there are in total.

Note that PKCS7 padding is not a java-specific standard but rather a very common padding scheme independent of language.

Answer 2

If the original data is an integer multiple of N bytes, then an extra block of bytes with value N is added. This is necessary so the deciphering algorithm can determine with certainty whether the last byte of the last block is a pad byte indicating the number of padding bytes added or part of the plaintext message. Consider a plaintext message that is an integer multiple of N bytes with the last byte of plaintext being 01. With no additional information, the deciphering algorithm will not be able to determine whether the last byte is a plaintext byte or a pad byte. However, by adding N bytes each of value N after the 01 plaintext byte, the deciphering algorithm can always treat the last byte as a pad byte and strip the appropriate number of pad bytes off the end of the ciphertext; said number of bytes to be stripped based on the value of the last byte.