2

I am using the as3crypto library to get the AES algorithm working on a small project that i am doing. This is how i get the crypto function :

var cipher:ICipher = Crypto.getCipher("simple-aes-cbc", key, Crypto.getPad("pkcs5"));

As you can see, I am trying to use AES-128 with CBC and the pkcs5 padding.

If my source data is 128bytes long, the encrypted data is coming as 160bytes. Can some one tell me why this problem is coming?

Following is a small table that I compiled from a sample program.
Source string length | Encrypted string length
15 | 32
16 | 48
31 | 48
32 | 64

Is it supposed to be like this or have I made some mistake.

Jason Towne
  • 8,014
  • 5
  • 54
  • 69
midhunhk
  • 5,560
  • 7
  • 52
  • 83
  • post your 128byte source and the 160byte resonse. – The_asMan Aug 02 '11 at 19:16
  • 1
    doing some math here 128 - 125 =3 and 160-128=32 so i have a feeling those 3 bytes are getting converted to 32 bytes which might be the minimum – The_asMan Aug 02 '11 at 19:20
  • @the_asMan - since I am using ByteArray, I can't get the inner value out of each object directly, but I can find out the length during runtime. If 32 bytes is minimum, then when i supply a 32 byte source, that should result in a 32 bit encrypted string, right? – midhunhk Aug 03 '11 at 06:39
  • dammit, forgot that its 0 based :) – midhunhk Aug 04 '11 at 05:10
  • Come to think about it the 3 converted to 32 might be due to the padding. – The_asMan Aug 04 '11 at 20:58

1 Answers1

1

It is supposed to be like that. You asked for PKCS5 padding which always adds at least one byte of padding. And, of course, the input must be rounded up to some number of whole blocks because AES produces 16-byte chunks of output. With half a block, you cannot decrypt any of the input at all.

David Schwartz
  • 179,497
  • 17
  • 214
  • 278
  • Is the padding added after encrypting the plaintext? – midhunhk Aug 16 '11 at 06:37
  • No, it's added to the plaintext before encrypting. One of the purposes of the padding is to "round up" the size of the plaintext to an even multiple of the cipher's block size. – David Schwartz Aug 16 '11 at 18:36
  • Suppose my cipher's block size is 16, And that I have say some 4 blocks of data ( of 16 bytes). Ideally only the last block should be padded as the rest 3 blocks will be the same size as the Cipher's block size? – midhunhk Aug 17 '11 at 06:01
  • If you want to think of it that way, you can. I prefer to think that the input doesn't consist of blocks when it's padded and it's the input as a whole that's padded. If you have a 17-byte input, I don't think it's sensible to say that consists of a 16-byte block and 1-byte block just because your cipher has a 16-byte block size. The whole point of padding is to adapt input that doesn't consist of blocks to a block cipher. – David Schwartz Aug 18 '11 at 01:21