Differences between pkcs5padding and pkcs7padding

In our work, we often encounter interactive use of encryption and decryption algorithms on cross-language platforms. In particular, some standard encryption and decryption algorithms are designed to block data blocks and fill algorithms.
For example, the common filling algorithms in C # and Java are as follows:

Filling Algorithm in. Net:

Member name	Description
Ansix923	The string filled with ansix923 consists of a byte sequence. The last byte of this sequence is the length of the byte sequence, and the remaining bytes are all filled with digits. The following example shows how this mode works. Assume that the block length is 8. If the data length is 9, the number of 8 bytes is equal to 7, and the data is equal to FF: Data: FF X923 fill: FF 00 00 00 00 07
Iso10126	The iso10126 filling string is composed of a byte sequence. The last byte of this byte sequence is the length of the byte sequence, and the remaining byte is filled with random data. The following example shows how this mode works. Assuming that the block length is 8 and the data length is 9, the number of 8 bytes is equal to 7, and the data is equal to FF: Data: FF Iso10126 filling: FF 7d 2a 75 EF F8 EF 07
None	Do not fill.
Pkcs7	The PKCS #7 Filling string consists of a byte sequence. Each byte is filled with the length of the byte sequence. The following example demonstrates how these modes work. Assuming that the block length is 8 and the data length is 9, the number of 8 bytes is equal to 7, and the data is equal to FF: Data: FF Pkcs7 filling: FF 07 07 07 07 07 07
Zeros	The filling string consists of bytes set to zero.

The padding algorithm supported in Java (Cipher) includes

ALG. Name	Description
Nopadding	No padding.
Iso10126padding	This padding for block ciphers is described in 5.2 block encryption algorithms in the W3C's "XML encryption syntax and processing" document.
Oaeppadding, oaepwith <digest> and <MGF> padding	Optimal asypolicric encryption padding scheme defined in PKCS1, where <digest> shocould be replaced by the message digest and <MGF> by the mask generation function. Examples:Oaepwithmd5andmgf1paddingAndOAEPWithSHA-512AndMGF1Padding. IfOAEPPaddingIs used,CipherObjects are initialized withjavax.crypto.spec.OAEPParameterSpecObject To suppply values needed for epeppadding.
Pkcs1padding	The padding scheme described in PKCS1, used with the RSA algorithm.
Pkcs5padding	The padding scheme described in RSA Laboratories, "pkcs5: Password-based encryption standard," version 1.5, November 1993.
Ssl3padding	The padding scheme defined in the SSL protocol version 3.0, November 18,199 6, section 5.2.3.2 (CBC block cipher ): block-ciphered struct {opaque content[SSLCompressed.length];opaque MAC[CipherSpec.hash_size];uint8 padding[ GenericBlockCipher.padding_length];uint8 padding_length; } GenericBlockCipher; The size of an instance of a genericblockcipher must be a multiple of the block cipher's block length. The padding length, which is always present, contributes to the padding, which implies that if: sizeof(content) + sizeof(MAC) % block_length = 0, Padding has to be (block_length-1) bytes long, because of the existencepadding_length. This make the padding scheme similar (but not quite) to pkcs5padding, where the padding length is encoded in the padding (and ranges from 1 to block_length ). with the SSL scheme, the sizeof (padding) is encoded in the always presentpadding_lengthAnd therefore ranges from 0 to block_length-1.

In simple comparison, it is found thatNone,Iso10126In fact, pkcs5padding and pkcs7padding can also be used in common.

By studying the references, we can find the differences between the two definitions:

• [Def]PKCS #7: cryptographic message syntax Standard,
  An RSA Laboratories technical note, version 1.5. revised November 1, 1993. http://www.cnblogs.com/midea0978/admin/ftp://ftp.rsa.com/pub/pkcs/ascii/pkcs-7.asc
• [INF]PKCS #5: Password-Based Encryption Standard,
  An RSA Laboratories technical note, version 1.5. revised November 1, 1993. http://www.cnblogs.com/midea0978/admin/ftp://ftp.rsa.com/pub/pkcs/ascii/pkcs-5.asc

  In pkcs5padding, the block size is clearly defined as 8 bits, while in pkcs7padding definition, the block size is uncertain, it can be between 1-255 (the block length exceeds is yet to be studied), and the filling value algorithms are the same:

  Value = k-(L mod k), k = block size, L = Data Length, if l = 8, you need to fill in 8 of the additional 8 bytes

  In. net, for example, tripledescryptoserviceprovider, the default blocksize is 64 bits = 8 bytes, so in this case, pkcs5padding = pkcs7padding.

  If you define a block size that is not 64 bits in C # And use pkcs7padding at the same time, you cannot decrypt it by using the JDK standard pkcs5padding in Java.

  Java code example

  
  Try {
  Byte [] key_data = {121,-49,-14,109,107, 77 };
  Cipher cipher = cipher. getinstance ("desede/ECB/pkcs5padding ");
  Secretkeyspec key = new secretkeyspec (key_data, "desede"); // generate the key required for encryption and decryption
  Cipher. INIT (Cipher. encrypt_mode, key );
  Byte [] res = cipher. dofinal (data. getbytes ());
  } Catch (exception e ){
  E. printstacktrace ();
  }

  C # code example

  
  Tripledescryptoserviceprovider des = new tripledescryptoserviceprovider ();
  Des. mode = ciphermode. ECB;
  Des. Padding = paddingmode. pkcs7;
  Byte [] buffer = encoding. Default. getbytes ("plaintext ");
  Memorystream stream = new memorystream ();
  Byte [] Key = convert. frombase64string ("aqjp4u1acnnybwsmhuq7bvixhyrnq2ap ");
  Cryptostream encstream = new cryptostream (stream, Des. createencryptor (Key, null), cryptostreammode. Write );
  Encstream. Write (buffer, 0, buffer. Length );
  Encstream. flushfinalblock ();
  Byte [] res = stream. toarray ();
  Console. writeline ("Result:" + convert. tobase64string (RES ));

   

• Reference http://www.users.zetnet.co.uk/hopwood/crypto/scan/cs.html#pad_PKCSPadding