在哪里放置有关填充长度的信息？ [英] Where to put information about padding length?

问题描述

我正在使用AES加密器和解密器。我决定使用PKCS＃7。现在，我不知道在哪里放置有关填充长度的信息。我读过，我可以读取最后一个字节（== n），并检查它是否低于16.如果是真的，我可以检查n个字节，如果他们是相等的n。但这是一件事。如果加密的最后一个块有16个字节，如下图所示：

  {0x01，0xfa，...， 0xf1，0x02,0x02} 
  

解密后，解密器将读取它，并决定最后两个字节被填充（实际上它们不是）。

我应该在长度的文件的开头添加字节，并且解密器将读取它并从第二个字节开始解密。 p>

解决方案

PKCS＃7填充是确定性的。这意味着，未填充应该始终能够找出填充长度本身。所以你首先解密，然后取最后一个字节（作为数字），那就是填充长度。 为了这样工作，应用PKCS＃7填充始终。因此，填充量，因此字节值为1，对于AES，为16位。。如果明文可以被16分隔，则应用一个完整的填充块 - 字节值为16 / 0x10。

简而言之，计算是：

  p = n  - l％n 
  

其中 p 是垫尺寸&值 n 是块大小， l 是明文的大小。

I'm working on AES encryptor and decryptor. I've decided to use PKCS#7. And now, I've no idea where to put information about padding length. I've read that I can read last byte (==n) and check if it's lower than 16. If it's true i can check n bytes if they are equal n. But here is a thing. What if the last block to encrypt has 16 bytes and looks like this for exmaple:

{0x01, 0xfa,..., 0xf1, 0x02, 0x02}

After decryption, decryptor will read it and decide that two last bytes are padded (in fact they are not).

Should I add byte at the begining of a file with length, and decryptor will read it and start decrypting from second byte?

解决方案

PKCS#7 padding is deterministic. That means that unpadding should always be able to find out the padding length itself. So you first decrypt, then take the last byte (as number) and that is the padding length. For this to work, PKCS#7 padding is always applied. So the amount of padding, and thus the value of the bytes, is 1 to the blocksize, which is 16 bytes for AES. . If the plaintext is already dividable by 16, a full block of padding - with bytes valued 16 / 0x10 is applied.

In short, the calculation is:

p = n - l % n

where p is the pad size & value, n is the block size and l is the size of the plaintext.

这篇关于在哪里放置有关填充长度的信息？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！