Crypt::CBC Padding Options

Padding options are described for the Crypt::CBC encryption process. There are 6 padding options supported by Crypt::CBC, 'standard' (i.e., PKCS#5), 'oneandzeroes', 'space', 'rijndael_compat', 'null', and 'none'.

I think we have learned enough about Crypt::CBC encryption options. We should look at what padding options are supported by Crypt::CBC. Padding is important, because our plaintext will not be multiple of 8-byte blocks most of the time.

In the Crypt::CBC manual, I see 6 padding options:

-padding => 'standard' - (default) Also called PKCS#5. Binary safe: Pads with the number of bytes that should be truncated. So, if blocksize is 8 bytes, then "0A0B0C" will be padded with "05", resulting in "0A0B0C0505050505". If the final block is a full block of 8 bytes, then a whole block of "0808080808080808" is appended.

-padding => 'oneandzeroes' - Binary safe: Pads with "80" followed by as many "00" necessary to fill the block. If the last block is a full block and blocksize is 8, a block of "8000000000000000" will be appended.

-padding => 'rijndael_compat' - Binary safe, with caveats: Similar to oneandzeroes, except that no padding is performed if the last block is a full block. This is provided for compatibility with Crypt::Rijndael only and can only be used with messages that are a multiple of the Rijndael blocksize of 16 bytes.

-padding => 'null' - Text only, not binary safe: Pads with as many "00" necessary to fill the block. If the last block is a full block and blocksize is 8, a block of "0000000000000000" will be appended.

-padding => 'space' - Text only, not binary safe: Pads with as many "20" necessary to fill the block. If the last block is a full block and blocksize is 8, a block of "2020202020202020" will be appended.

-padding => 'none': No padding added. Useful for special-purpose applications where you wish to add custom padding to the message.

Based on these descriptions, I think we should always go with the 'standard' option, which is the well known padding standard, PKCS#5. It is easy to use, binary safe, and supported by many encryption tools.

See the next tutorial for an example Perl script showing how different padding options works.

Last update: 2015.

Table of Contents

 About This Book

 Blowfish Cipher Algorithm

 Perl Crypt::Blowfish Module

 Perl Crypt::ECB Perl Module

Perl Crypt::CBC Module

 What is Crypt::CBC?

 Installing Crypt::CBC 2.33 with ActivePerl

 Crypt::CBC Encryption with Literal Keys

 Crypt::CBC Literal Key Error Cases

 Crypt::CBC Encryption with Crypt::Blowfish Objects

 Crypt::CBC Operation Simulation

 Crypt::CBC Encryption Verification

 Blowfish CBC 2-Block Test Vectors

 Crypt::CBC Prepending IV to Ciphertext

 Crypt::CBC Encryption with Salted Keys

 Crypt::CBC Salted Key Test Cases

 Crypt::CBC Secret Key and IV Algorithm

 Crypt::CBC Encryption with Random Salt

Crypt::CBC Padding Options

 Crypt::CBC Padding Option Tests

 Crypt::CBC Blowfish Encryption Summary

 Perl Crypt::CFB Perl Module

 OpenSSL "enc -bf-ecb" for Blowfish/ECB Encryption

 OpenSSL "enc -bf-cbc" for Blowfish/CBC Encryption

 OpenSSL "enc -bf-cfb" for Blowfish/CFB Encryption

 OpenSSL "enc -bf-ofb" for Blowfish/OFB Encryption

 References

 PDF Printing Version