Cryptography Tutorials - Herong's Tutorial Examples - v5.41, by Herong Yang
Block Padding in mcrypt
This section describes the padding schema used in PHP mcrypt library for MCRYPT_MODE_ECB and MCRYPT_MODE_CBC modes. mcrypt simply pads 0x00 to the end of the plaintext.
If you use mcrypt DES to encrypt a stream of bytes in MCRYPT_MODE_CFB or MCRYPT_MODE_OFB mode, you don't need to worry about padding the byte stream. Because MCRYPT_MODE_CFB and MCRYPT_MODE_OFB are 1-byte ciphers.
But if you use mcrypt DES to encrypt a stream of bytes in MCRYPT_MODE_ECB or MCRYPT_MODE_CBC mode, you have to worry about padding the byte stream. Because MCRYPT_MODE_ECB and MCRYPT_MODE_CBC are 8-byte ciphers.
"mycypt" offers a very simple padding method which simply adds 0x00 to the end of the plaintext message to make it multiples of 8 bytes (64 bits) for MCRYPT_MODE_ECB and MCRYPT_MODE_CBC modes.
This will create problems if you encrypt a message with PHP mcrypt in MCRYPT_MODE_ECB mode and send it to someone else who tries to decrypt it with a JDK JCE program. Because the JDK JCE package uses the DES/ECB/PKCS5Padding mode by default. The last block will fail to decrypt because the padding schema is different.
So if you want exchange DES encrypted messages with a Java programmer, you need to handle the PKCS5Padding padding yourself as part of your PHP script. See the PKCS5Padding schema section for detailed information.
Table of Contents