0

What is padding for PBEWITHSHA256AND128BITAES-CBC-BC (Bouncy Castle)

Sorry for tiny information, let me elaborate more background of the question. There have two systems. One is java (A) and another is PHP (B). Now we have one requirement to send string/text from system A to B. The content of string/text is encrypt by AES using jasypt. But I cannot decrypt it using mcrypt. I suspect it may due to A and B are using different parameters of AES so I try to find out how system A encrypt string/text. The information what I found are shown as below except padding,

jasypt ( java simple encryption )/PBEWITHSHA256AND128BITAES-CBC-BC

cipher: AES

length: 128 bit

encryption mode: CBC

JCE providers : Bouncy Castle

Salt : FixedStringSaltGenerator

Iterations: 2

Padding : ????

Thank in advance!

Buhake Sindi
  • 87,898
  • 29
  • 167
  • 228
baodi
  • 61
  • 8

1 Answers1

2

That really depends on the actual Cipher instance you use to encrypt, thus your question doesn't make much sense (as @Buhake Sindi points out).

In any case, it would not be unusual to use PKCS#5, as in

Cipher.getInstance( "AES/CBC/PKCS5Padding" )

The point is: You decide the padding mode (the provider must implement it of course).

Have a look at the BouncyCastle Specifications - it should be clear from section 4.2 which padding modes can be used with which ciphers. Again, the default is PKCS#5/#7.

Cheers,

Anders R. Bystrup
  • 15,729
  • 10
  • 59
  • 55
  • I think I found out answer from oracle. For PBE(Password-Based Encryption)is use PKCS5.http://docs.oracle.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html#AppA – baodi Dec 11 '12 at 10:03
  • 1
    There's nothing in that link/anchor combo related to padding, you know? To reiterate: Most crypto implementations will default to PKCS#5/7, but you can choose otherwise using the `Cipher.getInstance( "algorithm/mode/padding" )` transformation. – Anders R. Bystrup Dec 11 '12 at 10:51
  • Good for you :-) I posted that link above yesterday with some comments as well. – Anders R. Bystrup Dec 13 '12 at 07:44