
I'm trying to figure out how padding works by seeing what happens when I try to encrypt a 16 byte file with AES-128-CBC. My understanding was if I encrypt a file of size, say, 28, then there would automatically be 4 bytes of padding to make it 32. But when I encrypted my 16-byte file, the size ended up being 48 bytes. I did research and learned that a single padding block is automatically added to direct multiples in order to distinguish the padding from the plaintext, but if that's so, then why is it 48 bytes and not 32 as well (16 plaintext + 16 padding)?

Alyssa June
  • Did you specify an IV? Do the first 16 bytes match that, i.e. your system is including the IV in the cipher text? Can you try ECB instead? – Rup Feb 11 '20 at 05:29
  • In PKCS#7 padding $paddingSize = n - (messageLength \bmod n)$ – kelalaka Feb 11 '20 at 07:30
  • If you ask with your code in stackoverflow we can find the reason easily. – kelalaka Feb 11 '20 at 11:59
  • Or are you using the openssl enc command, or an alias (in this case openssl aes-128-cbc)? That doesn't do plain encryption per the specs of AES and CBC; it does password-based encryption using salt, which is added to the file and changes its size; see https://crypto.stackexchange.com/questions/3298/is-there-a-standard-for-openssl-interoperable-aes-encryption (caveat: my answer) @kelalaka: and for len multiple of blocksize n that formula gives n (one block) as Q says – dave_thompson_085 Feb 12 '20 at 07:39
  • I did use the openssl command. I’m doing a lab assignment for a class and the instructions were to encrypt a 16-byte file (no IV) using all four modes of AES. Then we have to determine by the size of the encrypted files which use padding and which do not. I knew that CBC and ECB used padding because I ended up with an encrypted file size of 48 but I just don’t know why it’s 48 instead of 32. – Alyssa June Feb 12 '20 at 17:00
  • So with using a password, does that mean the extra 16 bytes are just overhead/metadata? – Alyssa June Feb 12 '20 at 17:01
  • Does your ciphertext start with Salted__ in ASCII? In that case you are not using AES-CBC directly, you are using AES-CBC after deriving a key from a password. – Maarten Bodewes Mar 09 '20 at 18:21

1 Answer


Is your "-K" in the code in uppercase or lowercase? If it is in lowercase, the encryption will automatically add a salt value into your cipher text, causing it to have more than 32 bytes. CBC will pad it until it reaches 48 bytes later (a multiple of 16).
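The arithmetic behind the comments' PKCS#7 formula and the answer's `-K` versus `-k` distinction, as an added worked example (not code from the question or the answers). It assumes a 16-byte AES block, that `openssl enc` in password mode writes the 8-byte ASCII magic `Salted__` followed by an 8-byte salt in front of the ciphertext, and (going slightly beyond the thread) that ECB and CBC are the padded modes while CFB, OFB and CTR write exactly as many bytes as the plaintext. No real encryption happens here; the constructed sample bytes only reproduce the file layout so the sizes can be checked.

```python
"""PKCS#7 padding arithmetic and the 'Salted__' layout written by `openssl enc`.

Added example for this Q&A; assumptions: 16-byte block, 8-byte magic +
8-byte salt header in password mode, ECB/CBC padded, CFB/OFB/CTR unpadded.
"""

BLOCK = 16
SALT_MAGIC = b"Salted__"          # assumed header written by `openssl enc -k/-pass`
PADDED_MODES = {"ecb", "cbc"}     # block modes that need PKCS#7 padding
STREAM_MODES = {"cfb", "ofb", "ctr"}  # modes that produce len(plaintext) bytes


def pkcs7_padding_size(message_length: int, n: int = BLOCK) -> int:
    """n - (len mod n): a length that is already a multiple of n gets a full block."""
    return n - (message_length % n)


def pkcs7_pad(data: bytes, n: int = BLOCK) -> bytes:
    k = pkcs7_padding_size(len(data), n)
    return data + bytes([k]) * k


def pkcs7_unpad(data: bytes, n: int = BLOCK) -> bytes:
    """Strict check: reject lengths that are not block multiples and malformed pad bytes."""
    if not data or len(data) % n:
        raise ValueError("length is not a multiple of the block size")
    k = data[-1]
    if k < 1 or k > n or data[-k:] != bytes([k]) * k:
        raise ValueError("bad PKCS#7 padding")
    return data[:-k]


def expected_output_size(plaintext_length: int, mode: str, password_mode: bool) -> int:
    """Size of the file `openssl enc -aes-128-<mode>` writes.

    password_mode=True  -> lowercase -k / -pass: Salted__ header (16 bytes) is prepended.
    password_mode=False -> uppercase -K with explicit -iv: no header.
    """
    mode = mode.lower()
    if mode not in PADDED_MODES | STREAM_MODES:
        raise ValueError(f"unknown mode {mode!r}")
    header = len(SALT_MAGIC) + 8 if password_mode else 0
    padding = pkcs7_padding_size(plaintext_length) if mode in PADDED_MODES else 0
    return header + plaintext_length + padding


def inspect_ciphertext(blob: bytes):
    """Return (is_salted, salt, body_length) so a file's layout can be read off directly."""
    if blob.startswith(SALT_MAGIC) and len(blob) >= 16:
        return True, blob[8:16], len(blob) - 16
    return False, None, len(blob)


if __name__ == "__main__":
    plaintext = b"sixteen byte msg"             # constructed 16-byte input
    for mode in ("ecb", "cbc", "cfb", "ofb"):
        for pw in (True, False):
            print(f"{mode} password_mode={pw}: {expected_output_size(len(plaintext), mode, pw)} bytes")
    # constructed blob with the password-mode layout: header + 2 blocks of body
    sample = SALT_MAGIC + b"\x01" * 8 + b"\x00" * 32
    print(inspect_ciphertext(sample))
```

Running the block prints 48 for ECB and CBC in password mode (16 header + 16 plaintext + 16 padding), 32 for the same modes with `-K`/`-iv`, and 32/16 for the stream modes, which is exactly the size difference the lab asks you to read off.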