Size of data after AES decryption


Question

I only found this question answered:

Size of data after AES/CBC and AES/ECB encryption

Since AES adds padding to the end of an encrypted message, there is a simple formula to determine the expected output length, given the input length. However, is there any way to determine what is the expected size of the DECRYPTED message? And if there isn't, should I just send it along with the iv and the encrypted message?

Recommended answer

AES is a block cipher. Block ciphers only encrypt blocks, in case of AES, blocks of 128 bits / 16 bytes. To use a block cipher for larger amounts of data you need a mode of operation. There are modes of operation such as AES-CBC and the insecure AES-ECB that do require padding, as they encrypt/decrypt per block as well. For AES you can be certain that the amount of padding is 1 to 16 bytes even before decryption.

Other modes such as AES-CFB, AES-OFB and most importantly AES-CTR don't require padding. These modes simply create a ciphertext as large as the plaintext (although you may still need a static amount of overhead to send the IV vector if you cannot calculate it). AES-GCM is a mode that also uses CTR internally but also adds an authentication tag to protect the integrity and authenticity of the message.

It's absolutely OK to send the length of the plaintext with the message if you want to know the size before decryption. If you want to protect the integrity of the message, you should however include those values in the authentication tag.

If you have a choice it is probably easier to simply go for CTR or GCM mode encryption.

Note that there is also a method called ciphertext stealing for CBC. CTS is however not available very often. It can remove the padding for larger ciphertexts, but you would still be left with the IV as overhead.
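
The size rules in the answer above, as an added example that is not part of the original answer: it computes the padded ciphertext size and the plaintext size range for a CBC ciphertext, and frames a message whose plaintext-length field is covered by the authentication tag. The frame layout, the function names and the use of HMAC-SHA256 as the tag (encrypt-then-MAC; with AES-GCM the length field would go in as associated data instead) are assumptions, and the ciphertext is handled as opaque bytes so no AES library is needed.

```python
import hashlib
import hmac
import struct

BLOCK = 16  # AES block size in bytes
TAG = 32    # HMAC-SHA256 output size in bytes

def cbc_ciphertext_len(plaintext_len):
    """Ciphertext size for AES-CBC/ECB with PKCS#7 padding (IV not counted)."""
    return (plaintext_len // BLOCK + 1) * BLOCK

def cbc_plaintext_bounds(ciphertext_len):
    """Plaintext size range known before decryption: padding is 1..16 bytes."""
    if ciphertext_len < BLOCK or ciphertext_len % BLOCK:
        raise ValueError("ciphertext is not a whole number of AES blocks")
    return ciphertext_len - BLOCK, ciphertext_len - 1

def pkcs7_unpadded_len(padded):
    """Exact plaintext size, readable only from the decrypted final block."""
    n = padded[-1] if padded else 0
    if not 1 <= n <= BLOCK or len(padded) % BLOCK or padded[-n:] != bytes([n]) * n:
        raise ValueError("bad PKCS#7 padding")
    return len(padded) - n

def frame(mac_key, plaintext_len, iv, ciphertext):
    """Assumed layout: 8-byte big-endian length | 16-byte IV | ciphertext | tag."""
    body = struct.pack(">Q", plaintext_len) + iv + ciphertext
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def parse(mac_key, message):
    """Verify the tag first, then trust the length field and cross-check it."""
    if len(message) < 8 + BLOCK + BLOCK + TAG:
        raise ValueError("message too short")
    body, tag = message[:-TAG], message[-TAG:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    (plaintext_len,) = struct.unpack(">Q", body[:8])
    iv, ciphertext = body[8:8 + BLOCK], body[8 + BLOCK:]
    low, high = cbc_plaintext_bounds(len(ciphertext))
    if not low <= plaintext_len <= high:
        raise ValueError("length field inconsistent with ciphertext size")
    return plaintext_len, iv, ciphertext
```

The MAC key must be separate from the encryption key, and the receiver should reject the message before decrypting anything if `parse` raises.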
