PaddingPadding is used in a block cipher where we fill up the blocks with padding bytes. AES uses 128-bits (16 bytes), and DES uses 64-bit blocks (8 bytes). The main padding methods are:
In the following code we use AES to encrypt using padded string. The 256-bit key is generated by taking a SHA-256 hash of the password:
|
Presentation
Sample
If we use "hello", then we must pad to 16 bytes, this means there are 11 padding bytes (0xB) to give:
After padding (CMS): 68656c6c6f0b0b0b0b0b0b0b0b0b0b0b Cipher (ECB): 0a7ec77951291795bac6690c9e7f4c0d decrypt: hello After padding (Bit): 68656c6c6f8000000000000000000000 Cipher (ECB): 731abffc2e3b2c2b5caa9ca2339344f9 decrypt: hello After padding (ZeroLen): 68656c6c6f000000000000000000000a Cipher (ECB): d28e2f7e8e44e068732b292bde444245 decrypt: hello� After padding (Null): 68656c6c6f0000000000000000000000 Cipher (ECB): 444797422460453d95856eb2a1520ece decrypt: hello After padding (Space): 68656c6c6f0000000000000000000000 Cipher (ECB): 444797422460453d95856eb2a1520ece decrypt: After padding (Random): 68656c6c6ffc6ecfd884a38798d62a0a Cipher (ECB): f690c7e8cd357c7fabfb1b5498eec12e decrypt: helloõ
For random padding we see the padding is After padding (Random): “68656c6c6ffc6ecfd884a38798d62a0a” where “68656c6c6” is the message (“hello”), “ffc6ecfd884a38798d62a” is the random collection of bytes, and “0a” identifies that there are 10 bytes used for the random data padding.
If we use "hello123", then we must pad to 8 bytes, this means there are 8 padding bytes (0x8) to give:
After padding (CMS): 68656c6c6f3132330808080808080808 Cipher (ECB): aa9accd8acdb337fe6dba0bbfe426070 decrypt: hello123 After padding (Bit): 68656c6c6f3132338000000000000000 Cipher (ECB): 0f6c3077e6838ab6b5a1dc1ee6afd8e3 decrypt: hello123 After padding (ZeroLen): 68656c6c6f3132330000000000000007 Cipher (ECB): 38350f339c87ecf98a5035eddaf28ea7 decrypt: hello123� After padding (Null): 68656c6c6f3132330000000000000000 Cipher (ECB): 38f1e8924bd807d926e9df17ba4db72e decrypt: hello123 After padding (Space): 68656c6c6f3132330000000000000000 Cipher (ECB): 38f1e8924bd807d926e9df17ba4db72e decrypt: After padding (Random): 68656c6c6f313233e5fa500d0def3f07 Cipher (ECB): 128c2ed64c7717c4adeb1833059767e2 decrypt: hello123å
PKCS (Public-Key Cryptography Standards) were designed and published, in the 1990s, by RSA Security Inc, and have now been standardised in the form of RFCs. PKCS #5 (RFC 2859) is a standard used for password-based encryption, and PKCS #7 (RFC 2815) is used to sign and/or encrypt messages for PKI.
Code
The code generates the 256-bit key from a SHA-256 hash of the password:
# https://asecuritysite.com/encryption/padding from Crypto.Cipher import AES import hashlib import sys import binascii import Padding val='hello' password='hello' plaintext=val def encrypt(plaintext,key, mode): encobj = AES.new(key,mode) return(encobj.encrypt(plaintext)) def decrypt(ciphertext,key, mode): encobj = AES.new(key,mode) return(encobj.decrypt(ciphertext)) key = hashlib.sha256(password.encode()).digest() plaintext = Padding.appendPadding(plaintext,blocksize=Padding.AES_blocksize,mode='CMS') print("After padding (CMS): ",binascii.hexlify(bytearray(plaintext.encode()))) ciphertext = encrypt(plaintext.encode(),key,AES.MODE_ECB) print("Cipher (ECB): ",binascii.hexlify(bytearray(ciphertext))) plaintext = decrypt(ciphertext,key,AES.MODE_ECB) plaintext = Padding.removePadding(plaintext.decode(),mode='CMS') print(" decrypt: ",plaintext) plaintext=val plaintext = Padding.appendPadding(plaintext,blocksize=Padding.AES_blocksize,mode='ZeroLen') print("After padding (ZeroLen): ",binascii.hexlify(bytearray(plaintext.encode()))) ciphertext = encrypt(plaintext.encode(),key,AES.MODE_ECB) print("Cipher (ZeroLen): ",binascii.hexlify(bytearray(ciphertext))) plaintext = decrypt(ciphertext,key,AES.MODE_ECB) plaintext = Padding.removePadding(plaintext.decode(),mode='ZeroLen') print(" decrypt: ",plaintext) plaintext=val plaintext = Padding.appendPadding(plaintext,blocksize=Padding.AES_blocksize,mode='Space') print("After padding (Space): ",binascii.hexlify(bytearray(plaintext.encode()))) ciphertext = encrypt(plaintext.encode(),key,AES.MODE_ECB) print("Cipher (Space): ",binascii.hexlify(bytearray(ciphertext))) plaintext = decrypt(ciphertext,key,AES.MODE_ECB) plaintext = Padding.removePadding(plaintext.decode(),mode='Space') print(" decrypt: ",plaintext) plaintext=val plaintext = Padding.appendPadding(plaintext,blocksize=Padding.AES_blocksize,mode='Random') print("After padding (Random): ",binascii.hexlify(bytearray(plaintext.encode()))) ciphertext = encrypt(plaintext.encode(),key,AES.MODE_ECB) print("Cipher (Random): ",binascii.hexlify(bytearray(ciphertext))) plaintext = decrypt(ciphertext,key,AES.MODE_ECB) plaintext = Padding.removePadding(plaintext.decode(),mode='Random') print(" decrypt: ",plaintext)
Lab
A related lab is [here]