W3C home > Mailing lists > Public > xml-encryption@w3.org > April 2002

Re: block encryption algorithm padding

From: Tom Gindin <tgindin@us.ibm.com>
Date: Tue, 16 Apr 2002 11:18:56 -0400
To: Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
Cc: xml-encryption@w3.org
Message-ID: <OF2A3B42AE.4DD469B3-ON85256B9D.0053F6F3@pok.ibm.com>

      Christian:

      That's PKCS#5 padding, not PKCS#7 padding.  AFAIK, there's no such
thing as PKCS#7 padding.  Obviously, X.923 padding and PKCS#5 padding have
the same entropy issues.

            Tom Gindin


Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>@w3.org
on 04/16/2002 09:36:02 AM

Sent by:    xml-encryption-request@w3.org


To:    xml-encryption@w3.org
cc:
Subject:    Re: block encryption algorithm padding


Just to have a way to name padding mechanisms, here are some examples:

blocklength = 8
datalength = 9
number of pad octets = 7
data=FF FF FF FF FF FF FF FF FF

DATA              FF FF FF FF FF FF FF FF FF
X923Padding       FF FF FF FF FF FF FF FF FF 00 00 00 00 00 00 07
PKCS7Padding      FF FF FF FF FF FF FF FF FF 07 07 07 07 07 07 07
ISO10126d2Padding FF FF FF FF FF FF FF FF FF 7D 2A 75 EF F8 EF 07

X.923 defines to fill the octets before the length with zeroes
PKCS defines to fill the octets before the length with the length value
ISO 10126 D2 defines to fill the octets before the length with random data


Christian
Received on Tuesday, 16 April 2002 11:19:36 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:42:20 GMT