Cipher Block - Padding


1 - About

Padding fills the last block of a file to be processed by a block cipher.

For the ECB, CBC, and CFB modes, the plaintext must be a sequence of one or more complete data blocks (or, for CFB mode, data segments).

In other words, for these three modes, the total number of bits in the plaintext must be a positive multiple of the block (or segment) size.

If the data string to be encrypted does not initially satisfy this property, then the formatting of the plaintext must entail an increase in the number of bits.

A common way to achieve the necessary increase is to append some extra bits, called padding, to the trailing end of the data string as the last step in the formatting of the plaintext.


3 - Method

3.1 - Cts

3.2 - Append

Append a single 1 bit to the data string, then pad the resulting string with as few 0 bits, possibly none, as are necessary to complete the final block (segment).

The padding bits can be removed unambiguously if the receiver can determine that the message is indeed padded, for instance by one of the methods below:

  • Require the sender to pad every message, including messages in which the final block (segment) is already complete. For such messages, an entire block (segment) of padding is appended.
  • Send messages without padding if, for every message, the existence of padding can be reliably inferred, e.g., from a message length indicator.
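
The append method above at byte granularity, with every message padded (the first option in the list), as an added example that is not code from the original page: the single 1 bit followed by 0 bits becomes the byte 0x80 followed by 0x00 bytes. The 16-byte block size and the function names `pad` and `unpad` are assumptions.

```python
BLOCK_SIZE = 16  # bytes; assumed block size (e.g. AES), not given on the page


def pad(data: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Append a single 1 bit, then as few 0 bits as needed to fill the block.

    On byte-aligned data the 1 bit plus seven 0 bits is the byte 0x80.
    Every message is padded, so a message that already ends on a block
    boundary gains one whole block of padding.
    """
    if block_size < 1:
        raise ValueError("block size must be positive")
    zeros = (-(len(data) + 1)) % block_size
    return data + b"\x80" + b"\x00" * zeros


def unpad(padded: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Strip the padding: drop trailing 0x00 bytes, then the 0x80 marker."""
    if not padded or len(padded) % block_size:
        raise ValueError("length is not a positive multiple of the block size")
    last_block = padded[-block_size:]
    marker = last_block.rstrip(b"\x00")
    if not marker.endswith(b"\x80"):
        raise ValueError("padding marker not found in final block")
    # Keep everything before the marker byte in the final block.
    return padded[: len(padded) - block_size + len(marker) - 1]


if __name__ == "__main__":
    # Constructed sample messages: empty, short, one byte short, one full block.
    for msg in (b"", b"short message", b"A" * 15, b"B" * 16):
        padded = pad(msg)
        assert unpad(padded) == msg
        print(len(msg), "->", len(padded), padded[-BLOCK_SIZE:].hex())
```

Calling `unpad` on an unpadded full block that happens to end in 0x80 silently drops that byte, which is why the receiver must know in advance whether a message is padded.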

4 - Documentation / Reference