Understanding 'padding' in symmetric key cryptography
Symmetric key algorithms like 3DES, AES etc operate on blocks of input data. For this to happen, the length of the input data must be exactly equal to the block length or an integral multiple of the block length for that algorithm. For example, let us take AES 128-bit encryption. Lets say the block length is 128-bits or 16-bytes in this case. Imagine that the input data to be encrypted (called plaintext in cryptographic parlance) has size 20-bytes. No prizes for calculating that we are 4-bytes off the block length in this case. In order to make the input data length a multiple of the block length we need to pad it. In this case,
20 bytes will require (16 - (20-16)) = 12 bytes of padding.
Therefore, as mentioned earlier padding is used when the plaintext's length may not be an exact multiple of the algorithm's block size. Padding, therefore, allows stuffing the end of the message to fill the last block. If PKCS7 padding is used the last block is padded with integers, each of which is the number of bytes used to pad the message. As an example, if the plaintext requires say 5 bytes of padding, the padding would be "0x05, 0x05,0x05, 0x05,0x05". If no padding is used then we have to ensure that the length of the plaintext is an exact multiple of the block size of that algorithm. If zero-padding is used, the last block is padded with zeros.
Comments
Anonymous
January 22, 2007
It is necessary to pad with known constant values, or would it make sense to pad with random values?Anonymous
January 23, 2007
Usually a good idea to leave this to the framework thats doing the padding for you. If you are padding it with random values, you must expect the random values at the time of decryption.Anonymous
July 04, 2007
If no padding is used, & also we are not ensure that the length of the plaintext is an exact multiple of the block size of that algorithm. Then what type of problem will occur while encryption decryption of data?Anonymous
July 05, 2007
Are encryption keys padded at times? If yes, why and where is it used?Anonymous
July 05, 2007
Not the encryption keys, but the plain text itself.