Padding and Chaining
When a piece of data is encrypted, the algorithm does not encrypt it as a whole. It’s usually broken into chunks of eight bytes each, and then each chunk is operated on independently. Of course, the length of the data may not be an exact multiple of eight; in such a case, the algorithm adds some characters to the last chunk to make it exactly eight bytes long. This process is known as padding. Padding also has to be done right, so that an attacker won’t be able to figure out what was padded and then guess the key from there. To pad the values securely, you can use a pre-developed padding method available in Oracle, known as Public Key Cryptography System #5 (PKCS#5). There are several other padding options that allow for padding with zeros and for no padding at all. Later in this chapter, I’ll show how you can use padding by specifying options or selecting constants in Oracle’s built-in packages.
When data is divided into chunks, there needs to be a way to connect those chunks back together, a process known as chaining. The overall security of an encryption system depends upon how chunks are connected and encrypted: independently or in conjunction with the adjacent chunks. Oracle supports the following chaining methods:
- CBC: Cipher Block Chaining, the most common chaining method.
- ECB: Electronic Code Book
- CFB: Cipher Feedback
- OFB: Output Feedback
Later in this chapter, I’ll show how you can use these methods by specifying options or selecting constants ...
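The following anonymous PL/SQL block is an added example, not code from the book. It uses Oracle's DBMS_CRYPTO package with Triple DES (chosen because its block size is the eight bytes described above) to show PKCS#5 padding and the difference between ECB and CBC chaining. It assumes EXECUTE privilege on DBMS_CRYPTO and SET SERVEROUTPUT ON; the plaintexts, variable names and the `show` helper are constructed for illustration.

```plsql
DECLARE
  -- Constructed sample: two identical 8-byte chunks (single-byte ASCII assumed).
  l_repeat RAW(64) := UTL_RAW.CAST_TO_RAW('ACCT0001ACCT0001');
  -- Constructed sample: 5 bytes, not a multiple of eight, so it must be padded.
  l_short  RAW(64) := UTL_RAW.CAST_TO_RAW('HELLO');

  l_key RAW(24) := DBMS_CRYPTO.RANDOMBYTES(24);  -- 3DES key: 24 bytes
  l_iv  RAW(8)  := DBMS_CRYPTO.RANDOMBYTES(8);   -- IV: one 8-byte block

  -- Cipher, chaining and padding are selected by adding package constants.
  l_ecb PLS_INTEGER := DBMS_CRYPTO.ENCRYPT_3DES
                     + DBMS_CRYPTO.CHAIN_ECB
                     + DBMS_CRYPTO.PAD_PKCS5;
  l_cbc PLS_INTEGER := DBMS_CRYPTO.ENCRYPT_3DES
                     + DBMS_CRYPTO.CHAIN_CBC
                     + DBMS_CRYPTO.PAD_PKCS5;
  l_ct  RAW(64);

  -- Print a ciphertext one 8-byte block (16 hex digits) per line.
  PROCEDURE show(p_label VARCHAR2, p_ct RAW) IS
    l_hex VARCHAR2(256) := RAWTOHEX(p_ct);
  BEGIN
    DBMS_OUTPUT.PUT_LINE(p_label || ' (' || UTL_RAW.LENGTH(p_ct) || ' bytes)');
    FOR i IN 0 .. UTL_RAW.LENGTH(p_ct) / 8 - 1 LOOP
      DBMS_OUTPUT.PUT_LINE('  block ' || (i + 1) || ': '
                           || SUBSTR(l_hex, i * 16 + 1, 16));
    END LOOP;
  END show;
BEGIN
  -- ECB encrypts every chunk independently; CBC mixes in the previous block.
  show('ECB, repeated chunks', DBMS_CRYPTO.ENCRYPT(l_repeat, l_ecb, l_key));
  show('CBC, repeated chunks', DBMS_CRYPTO.ENCRYPT(l_repeat, l_cbc, l_key, l_iv));

  -- PKCS#5 fills the 5-byte value up to a full 8-byte block.
  l_ct := DBMS_CRYPTO.ENCRYPT(l_short, l_cbc, l_key, l_iv);
  show('CBC, 5-byte value', l_ct);

  -- Decrypting with the same options strips the padding again.
  DBMS_OUTPUT.PUT_LINE('Decrypted: ' || UTL_RAW.CAST_TO_VARCHAR2(
    DBMS_CRYPTO.DECRYPT(l_ct, l_cbc, l_key, l_iv)));
END;
/
```

In the ECB output, blocks 1 and 2 are identical because the two plaintext chunks are identical, which reveals the repetition to anyone who can read the ciphertext; in the CBC output they differ. The 16-byte input produces 24 bytes of ciphertext because PKCS#5 appends a full padding block when the data already ends on a block boundary.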