Block Ciphers

Padding

The implementation of block ciphers raises an interesting problem: The plaintext you wish to encrypt will not always be a multiple of the block size (usually 64 bits). To compensate for the last incomplete block, paddingis needed. A padding scheme specifies exactly how the last block of plaintext is filled with data before it is encrypted. A corresponding procedure on the decryption side removes the padding and restores the plaintext’s original length.

PKCS#5

PKCS#5 is one possible padding scheme. PKCS#5 is a Public-Key Cryptography Standard, a self-proclaimed standard published by RSA Data Security, Inc. The padding method is straightforward: Fill the remainder of the block with bytes containing the number of remaining bytes.[18] For example, in a 64-bit block, if there are five leftover plaintext bytes in the block, three bytes with a value of 3 pad the block. Data that ends on a block boundary has a whole block of padding added. In a 64-bit block, a whole block of padding is eight bytes with a value of 8. This method allows the padding to be unambiguously removed after decryption, restoring the original size of the plaintext. Figure 7.1 shows some examples of PKCS#5-style padding in 64-bit blocks.[19]

PKCS#5 block padding
Figure 7-1. PKCS#5 block padding

At first glance, it doesn’t seem necessary to add the entire block of padding when the plaintext is a multiple of the block size. ...

Get Java Cryptography now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.