Blowfish Cipher Tutorials - Herong's Tutorial Examples - Version 2.00, by Dr. Herong Yang
Crypt::CBC Padding Options
Padding options are described for the Crypt::CBC encryption process. There are 6 padding options supported by Crypt::CBC, 'standard' (i.e., PKCS#5), 'oneandzeroes', 'space', 'rijndael_compat', 'null', and 'none'.
I think we have learned enough about Crypt::CBC encryption options. We should look at what padding options are supported by Crypt::CBC. Padding is important, because our plaintext will not be multiple of 8-byte blocks most of the time.
In the Crypt::CBC manual, I see 6 padding options:
-padding => 'standard' - (default) Also called PKCS#5. Binary safe: Pads with the number of bytes that should be truncated. So, if blocksize is 8 bytes, then "0A0B0C" will be padded with "05", resulting in "0A0B0C0505050505". If the final block is a full block of 8 bytes, then a whole block of "0808080808080808" is appended.
-padding => 'oneandzeroes' - Binary safe: Pads with "80" followed by as many "00" necessary to fill the block. If the last block is a full block and blocksize is 8, a block of "8000000000000000" will be appended.
-padding => 'rijndael_compat' - Binary safe, with caveats: Similar to oneandzeroes, except that no padding is performed if the last block is a full block. This is provided for compatibility with Crypt::Rijndael only and can only be used with messages that are a multiple of the Rijndael blocksize of 16 bytes.
-padding => 'null' - Text only, not binary safe: Pads with as many "00" necessary to fill the block. If the last block is a full block and blocksize is 8, a block of "0000000000000000" will be appended.
-padding => 'space' - Text only, not binary safe: Pads with as many "20" necessary to fill the block. If the last block is a full block and blocksize is 8, a block of "2020202020202020" will be appended.
-padding => 'none': No padding added. Useful for special-purpose applications where you wish to add custom padding to the message.
Based on these descriptions, I think we should always go with the 'standard' option, which is the well known padding standard, PKCS#5. It is easy to use, binary safe, and supported by many encryption tools.
See the next tutorial for an example Perl script showing how different padding options works.
Last update: 2015.
Table of Contents