pkcs5패딩이란!! 8바이트 단위로 암호화 할 때, 마지막에 모자란경우 padding(3바이트 모자라므로 03으로) [11 A2 13 2F 33] ==pkcs5Padding====> [11 A2 13 2F 33 03 03 03] question : One runtime platform provides an API that supplies PKCS#5 padding for block cipher modes such as ECB and CBC. These modes have been defined for the triple DES, AES and Blowfish block ciphers. The other platform API only provides PKCS#7 padding. Are PKCS#5 padding and PKCS#7 padding compatible? answer : The difference between the PKCS#5 and PKCS#7 padding mechanisms is the block size; PKCS#5 padding is defined for 8-byte block sizes, PKCS#7 padding would work for any block size from 1 to 255 bytes. This is the definition of PKCS#5 padding (6.2) as defined in the RFC: The padding string PS shall consist of 8 - (||M|| mod 8) octets all having value 8 - (||M|| mod 8). The RFC that contains the PKCS#7 standard is the same except that it allows block sizes up to 255 bytes in size (10.3 note 2): For such algorithms, the method shall be to pad the input at the trailing end with k - (l mod k) octets all having value k - (l mod k), where l is the length of the input. So fundamentally PKCS#5 padding is a subset of PKCS#7 padding for 8 byte block sizes. Hence, PKCS#5 padding can not be used for AES. PKCS#5 padding was only defined with (triple) DES operation in mind. Many cryptographic libraries use an identifier indicating PKCS#5 or PKCS#7 to define the same padding mechanism. The identifier should indicate PKCS#7 if block sizes other than 8 are used within the calculation. Some cryptographic libraries such as the SUN provider in Java indicate PKCS#5 where PKCS#7 should be used - Note that neither PKCS#5 nor PKCS#7 is a standard created to describe a padding mechanism. The padding part is only a small subset of the defined functionality. PKCS#5 is a standard for Password Based Encryption or PBE, and PKCS#7 defines the Cryptographic Message Syntax or CMS. |
'암호화관련' 카테고리의 다른 글
| 대칭키 알고리즘의 종류 (0) | 2016.08.03 |
|---|---|
| 공개키 알고리즘 (0) | 2016.07.11 |
| 컴퓨터보안 midterm 용어 (0) | 2016.02.22 |
