Block Ciphers

Padding

The implementation of block ciphers raises an interesting problem: The plaintext you wish to encrypt will not always be a multiple of the block size (usually 64 bits). To compensate for the last incomplete block, paddingis needed. A padding scheme specifies exactly how the last block of plaintext is filled with data before it is encrypted. A corresponding procedure on the decryption side removes the padding and restores the plaintext’s original length.

PKCS#5

PKCS#5 is one possible padding scheme. PKCS#5 is a Public-Key Cryptography Standard, a self-proclaimed standard published by RSA Data Security, Inc. The padding method is straightforward: Fill the remainder of the block with bytes containing the number of remaining bytes.[18] For example, in a 64-bit block, if there are five leftover plaintext bytes in the block, three bytes with a value of 3 pad the block. Data that ends on a block boundary has a whole block of padding added. In a 64-bit block, a whole block of padding is eight bytes with a value of 8. This method allows the padding to be unambiguously removed after decryption, restoring the original size of the plaintext. Figure 7.1 shows some examples of PKCS#5-style padding in 64-bit blocks.[19]

PKCS#5 block padding
Figure 7-1. PKCS#5 block padding

At first glance, it doesn’t seem necessary to add the entire block of padding when the plaintext is a multiple of the block size. ...

Get Java Cryptography now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.