System.Security.Cryptography AES,最后17个字节是什么? [英] System.Security.Cryptography AES, what are the last 17 bytes?
问题描述
System.Security.Cryptography的AES CBC实现中的填充模式是什么.
What is the Padding Mode in the AES CBC implementation of System.Security.Cryptography.
使用16 0x00s的密钥和16 0x00s的IV.对于零",无","PKCS7","ANSIX923"和ISO10126的填充模式,结果都是相同的,我对16 0x00的明文进行了加密.我的代码填充明文 从零开始到16字节的下一个倍数. (我发现如果输入的文本长度不是16的倍数,则库将引发异常.)
Using a Key of 16 0x00s and an IV of 16 0x00s. The results are identical for the padding modes of "Zeros", "None", "PKCS7", "ANSIX923", and ISO10126, I encrypted a plaintext of 16 0x00s. My code pads the plaintext out with zeros to the next multiple of 16 bytes. (I found the library throws an exception if my input text length is not a multiple of 16. )
这是我的结果:
00000000000000000000000000000000000000-纯文本
00000000000000000000000000000000 - Plain Text
0000000000000000000000000000000000000000000000000000000000000000000000000000-纯文本带有我的填充
0000000000000000000000000000000000000000000000000000000000000000 - Plain Text with my Padding
从零",无","PKCS7","ANSIX923"和ISO10126的模式输出的加密文本:
Crypto Text output from the modes of "Zeros", "None", "PKCS7", "ANSIX923", and ISO10126:
66E94BD4EF8A2C3B884CFA59CA342B2EF795BD4A52E29ED713D313FA20E98DBC5C047616756FDC1C32E0DF6E8C59BB2A
66E94BD4EF8A2C3B884CFA59CA342B2EF795BD4A52E29ED713D313FA20E98DBC5C047616756FDC1C32E0DF6E8C59BB2A
66E94BD4EF8A2C3B884CFA59CA342B2EF795BD4A52E29ED713D313FA20E98DBC5C047616756FDC1C32E0DF6E8C59BB2A
66E94BD4EF8A2C3B884CFA59CA342B2EF795BD4A52E29ED713D313FA20E98DBC5C047616756FDC1C32E0DF6E8C59BB2A
66E94BD4EF8A2C3B884CFA59CA342B2EF795BD4A52E29ED713D313FA20E98DBC5C047616756FDC1C32E0DF6E8C59BB2A
66E94BD4EF8A2C3B884CFA59CA342B2EF795BD4A52E29ED713D313FA20E98DBC5C047616756FDC1C32E0DF6E8C59BB2A
66E94BD4EF8A2C3B884CFA59CA342B2EF795BD4A52E29ED713D313FA20E98DBC5C047616756FDC1C32E0DF6E8C59BB2A
66E94BD4EF8A2C3B884CFA59CA342B2EF795BD4A52E29ED713D313FA20E98DBC5C047616756FDC1C32E0DF6E8C59BB2A
66E94BD4EF8A2C3B884CFA59CA342B2EF795BD4A52E29ED713D313FA20E98DBC5C047616756FDC1C32E0DF6E8C59BB2A
66E94BD4EF8A2C3B884CFA59CA342B2EF795BD4A52E29ED713D313FA20E98DBC5C047616756FDC1C32E0DF6E8C59BB2A
最后16个字节代表PKCS7填充模式.
These last 16 bytes represent the PKCS7 padding mode.
我想知道为什么不能覆盖默认模式吗?
I wonder why can't I override the mode from the default?
即使启用了默认填充,库也为什么坚持输入文本为16字节的倍数.我以为那是填充的用途.
Even with the default padding kicked in, why does the library insist on the input text being a multiple of 16 bytes. I thought that was what the padding was for.
推荐答案
"输入和输出必须为128位的倍数". (块大小)规则是在AES算法本身中定义的(请参见 FIPS Pub 197 ,第3.1节),因为此算法中使用了所有位操作.由于这种情况,当输入不适合块大小时需要填充.
"The input and output must be multiples of 128bit" (block size) rule is defined in the AES algorithm itself (see FIPS Pub 197, Section 3.1) because of all the bit manipulation be used in this algorithm. Because of this padding is required when the input does not fit the blocksize.
通常选择空字节进行填充,因为在以空终止的字符串的情况下,自动调整大小会带来方便的副作用. (将字符串结尾标记为空字符的字符串类型.因此,输出将自动显示为 自行修剪,无需进一步处理.)
Usually null byte is choosen for padding because of the convenient side effect of automatic resizing in case of null-terminated string. (the type of string that marks end-of-string with a null character. Because of this the output will appear to be automatically trimmed by itself and no further processing is needed.)
这篇关于System.Security.Cryptography AES,最后17个字节是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
