34

Everyone talks about the padding schemes in ciphers but what are the actual strings one needs to pass in to the cipher? I don't care if they are symmetric or asymmetric, I just want a list of the possible values.

Roy Hinkley
  • 10,111
  • 21
  • 80
  • 120
  • 1
    That will be an infinite list. – bmargulies Jun 07 '12 at 15:42
  • You're talking about salts right? These are usually unique, and probably randomly generated. – Clockwork-Muse Jun 07 '12 at 15:49
  • 1
    No not talking about salts. I want a list of possible paddings like: NOPADDING, ANSIX923Padding, PKCS5Padding, PKCS7Padding, ISO10126Padding, etc. Why is there no listing that is inclusive? – Roy Hinkley Jun 07 '12 at 15:58
  • Aaah... the list of possible TYPES of padding or padding SCHEMES. – Sani Huttunen Jun 07 '12 at 16:01
  • Add, where would I find such a list? :^) – Roy Hinkley Jun 07 '12 at 16:03
  • @bmargulies No, there won't be an infinite list. The list is limited to the Java provider implementations supported on your system. Per Sani's answer below that list is finite by default. If you want additional support for other algorithms, modes and padding schemes through a different provider implementation then you can certainly do that explicitly in your code. However, you must load that dependency. Bouncy Castle is one example. –  Sep 06 '13 at 17:54
  • 1
    The question superficially appears to ask for actual bytes to use in padding, not algorithm identifiers. – bmargulies Sep 06 '13 at 19:24
  • 2
    @bmargulies How is that? `what are the actual strings` is explicit in the question! – Roy Hinkley Sep 09 '13 at 11:42

2 Answers2

55

There are many types of padding, PKCS-7, Zero, ISO 10126, ANSI X.923, etc.
I suggest you read up on padding since you seem not to fully understand the concept.

Then there's the possibility you are referring to cryptographic salt.

Edit
Every implementation of the Java platform is required to support the following standard Cipher transformations with the keysizes in parentheses:

  • AES/CBC/NoPadding (128)
  • AES/CBC/PKCS5Padding (128)
  • AES/ECB/NoPadding (128)
  • AES/ECB/PKCS5Padding (128)
  • DES/CBC/NoPadding (56)
  • DES/CBC/PKCS5Padding (56)
  • DES/ECB/NoPadding (56)
  • DES/ECB/PKCS5Padding (56)
  • DESede/CBC/NoPadding (168)
  • DESede/CBC/PKCS5Padding (168)
  • DESede/ECB/NoPadding (168)
  • DESede/ECB/PKCS5Padding (168)
  • RSA/ECB/PKCS1Padding (1024, 2048)
  • RSA/ECB/OAEPWithSHA-1AndMGF1Padding (1024, 2048)
  • RSA/ECB/OAEPWithSHA-256AndMGF1Padding (1024, 2048)

You can find a list here.

Edit 2
You can find the Bouncy Castle specification here. It lists all available padding schemes.

Sani Huttunen
  • 23,620
  • 6
  • 72
  • 79
  • 2
    I do understand the concept and that there are many types. What I am having difficulty finding are the valid strings to use in a given situation. I also understand what salt is too! Your answer would be helpful if it included a link to a valid string list. – Roy Hinkley Jun 07 '12 at 15:55
  • You do not seem to fully understand the concept since you are asking for "a valid string list". The "list" would be different for each type of padding. For Zero-padding it is quite simple: 0, 00, 000, 0000, 0000, etc. You need to read up on the different types of padding. – Sani Huttunen Jun 07 '12 at 15:58
  • 4
    Please explain to me why I pass the algorithm, mode and padding as a string to the provider to get a cipher instance then? Ie: "AES/CTR/PKCS5Padding" – Roy Hinkley Jun 07 '12 at 16:01
  • 1
    Thank you, I have all of the algorithms and modes, I just need a comprehensive list of padding schemes. This list is the basic implementation for all Java platforms, there are obviously others. In particular I am using Bouncycastle for interoperability with the Microsoft stack. Could you point me in the direction of their padding schemes? Their documentation does not list the possible strings they accept, at least not that I have been able to find. – Roy Hinkley Jun 07 '12 at 16:13
12

Block cyphers need padding, stream cyphers don't. Block cyphers need padding because they encrypt whole blocks, and your message may not exactly match a whole number of blocks. Padding is used to extend the message length to the next block boundary.

See the Wikipedia article on Cryptographic padding for a lot of detail.

For most purposes PKCS#7 (aka PKCS#5) padding is used: n bytes, all of value n:

01
02 02
03 03 03
...
10 10 10 10 ... 10 10
rossum
  • 15,344
  • 1
  • 24
  • 38