In our work, we often encounter interactive use of encryption and decryption algorithms on cross-language platforms. In particular, some standard encryption and decryption algorithms are designed to block data blocks and fill algorithms.
For example, the common filling algorithms in C # and Java are as follows:
Filling Algorithm in. Net:
Member name |
Description |
Ansix923 |
The string filled with ansix923 consists of a byte sequence. The last byte of this sequence is the length of the byte sequence, and the remaining bytes are all filled with digits. The following example shows how this mode works. Assume that the block length is 8. If the data length is 9, the number of 8 bytes is equal to 7, and the data is equal to FF: Data: FF X923 fill: FF 00 00 00 00 07 |
Iso10126 |
The iso10126 filling string is composed of a byte sequence. The last byte of this byte sequence is the length of the byte sequence, and the remaining byte is filled with random data. The following example shows how this mode works. Assuming that the block length is 8 and the data length is 9, the number of 8 bytes is equal to 7, and the data is equal to FF: Data: FF Iso10126 filling: FF 7d 2a 75 EF F8 EF 07 |
None |
Do not fill. |
Pkcs7 |
The PKCS #7 Filling string consists of a byte sequence. Each byte is filled with the length of the byte sequence. The following example demonstrates how these modes work. Assuming that the block length is 8 and the data length is 9, the number of 8 bytes is equal to 7, and the data is equal to FF: Data: FF Pkcs7 filling: FF 07 07 07 07 07 07 |
Zeros |
The filling string consists of bytes set to zero. |
The padding algorithm supported in Java (Cipher) includes
ALG. Name |
Description |
Nopadding |
No padding. |
Iso10126padding |
This padding for block ciphers is described in 5.2 block encryption algorithms in the W3C's "XML encryption syntax and processing" document. |
Oaeppadding, oaepwith <digest> and <MGF> padding |
Optimal asypolicric encryption padding scheme defined in PKCS1, where <digest> shocould be replaced by the message digest and <MGF> by the mask generation function. Examples:Oaepwithmd5andmgf1paddingAndOAEPWithSHA-512AndMGF1Padding.
IfOAEPPadding Is used,Cipher Objects are initialized withjavax.crypto.spec.OAEPParameterSpec Object To suppply values needed for epeppadding. |
Pkcs1padding |
The padding scheme described in PKCS1, used with the RSA algorithm. |
Pkcs5padding |
The padding scheme described in RSA Laboratories, "pkcs5: Password-based encryption standard," version 1.5, November 1993. |
Ssl3padding |
The padding scheme defined in the SSL protocol version 3.0, November 18,199 6, section 5.2.3.2 (CBC block cipher ): block-ciphered struct {opaque content[SSLCompressed.length];opaque MAC[CipherSpec.hash_size];uint8 padding[ GenericBlockCipher.padding_length];uint8 padding_length; } GenericBlockCipher; The size of an instance of a genericblockcipher must be a multiple of the block cipher's block length.
The padding length, which is always present, contributes to the padding, which implies that if: sizeof(content) + sizeof(MAC) % block_length = 0, Padding has to be (block_length-1) bytes long, because of the existencepadding_length .
This make the padding scheme similar (but not quite) to pkcs5padding, where the padding length is encoded in the padding (and ranges from 1 to block_length ). with the SSL scheme, the sizeof (padding) is encoded in the always presentpadding_length And therefore ranges from 0 to block_length-1. |
In simple comparison, it is found thatNone,Iso10126In fact, pkcs5padding and pkcs7padding can also be used in common.
By studying the references, we can find the differences between the two definitions:
- [Def]PKCS #7: cryptographic message syntax Standard,
An RSA Laboratories technical note, version 1.5. revised November 1, 1993. http://www.cnblogs.com/midea0978/admin/ftp://ftp.rsa.com/pub/pkcs/ascii/pkcs-7.asc
- [INF]PKCS #5: Password-Based Encryption Standard,
An RSA Laboratories technical note, version 1.5. revised November 1, 1993. http://www.cnblogs.com/midea0978/admin/ftp://ftp.rsa.com/pub/pkcs/ascii/pkcs-5.ascIn pkcs5padding, the block size is clearly defined as 8 bits, while in pkcs7padding definition, the block size is uncertain, it can be between 1-255 (the block length exceeds is yet to be studied), and the filling value algorithms are the same:
Value = k-(L mod k), k = block size, L = Data Length, if l = 8, you need to fill in 8 of the additional 8 bytes
In. net, for example, tripledescryptoserviceprovider, the default blocksize is 64 bits = 8 bytes, so in this case, pkcs5padding = pkcs7padding.
If you define a block size that is not 64 bits in C # And use pkcs7padding at the same time, you cannot decrypt it by using the JDK standard pkcs5padding in Java.
Java code example
-
123456789 |
try { byte [] KEY_DATA = { 1 , 8 ,- 49 ,- 31 , 77 , 90 , 10 , 121 ,- 14 , 109 , 107 , 38 , 29 , 68 , 59 , 5 , 82 , 49 , 31 , 42 ,- 25 , 67 , 96 , 15 }; Cipher cipher = Cipher.getInstance( "DESede/ECB/PKCS5Padding" ); SecretKeySpec key = new SecretKeySpec(KEY_DATA, "DESede" ); // Generate the key required for encryption and decryption cipher.init(Cipher.ENCRYPT_MODE, key); byte [] res = cipher.doFinal(data.getBytes()); } catch (Exception e) { e.printStackTrace(); } |
C # code example \
-
1234567891011 |
TripleDESCryptoServiceProvider des = new TripleDESCryptoServiceProvider(); des.Mode=CipherMode.ECB; des.Padding=PaddingMode.PKCS7; byte [] buffer =Encoding.Default.GetBytes( "Plaintext" ); MemoryStream stream = new MemoryStream(); byte [] key=Convert.FromBase64String( "AQjP4U1aCnnybWsmHUQ7BVIxHyrnQ2AP" ); CryptoStream encStream = new CryptoStream(stream, des.CreateEncryptor(key, null ), CryptoStreamMode.Write); encStream.Write(buffer, 0, buffer.Length); encStream.FlushFinalBlock(); byte [] res=stream.ToArray(); Console.WriteLine( "result:" +Convert.ToBase64String(res)); |
Reference http://www.users.zetnet.co.uk/hopwood/crypto/scan/cs.html#pad_PKCSPadding
Http://www.cnblogs.com/midea0978/articles/1437257.html
Difference between pkcs5padding and pkcs7padding