Blowfish Cipher Tutorials - Herong's Tutorial Examples - v2.03, by Herong Yang
Crypt::CBC Padding Options
Padding options are described for the Crypt::CBC encryption process. There are 6 padding options supported by Crypt::CBC, 'standard' (i.e., PKCS#5), 'oneandzeroes', 'space', 'rijndael_compat', 'null', and 'none'.
I think we have learned enough about Crypt::CBC encryption options. We should look at what padding options are supported by Crypt::CBC. Padding is important, because our plaintext will not be multiple of 8-byte blocks most of the time.
In the Crypt::CBC manual, I see 6 padding options:
-padding => 'standard' - (default) Also called PKCS#5. Binary safe: Pads with the number of bytes that should be truncated. So, if blocksize is 8 bytes, then "0A0B0C" will be padded with "05", resulting in "0A0B0C0505050505". If the final block is a full block of 8 bytes, then a whole block of "0808080808080808" is appended.
-padding => 'oneandzeroes' - Binary safe: Pads with "80" followed by as many "00" necessary to fill the block. If the last block is a full block and blocksize is 8, a block of "8000000000000000" will be appended.
-padding => 'rijndael_compat' - Binary safe, with caveats: Similar to oneandzeroes, except that no padding is performed if the last block is a full block. This is provided for compatibility with Crypt::Rijndael only and can only be used with messages that are a multiple of the Rijndael blocksize of 16 bytes.
-padding => 'null' - Text only, not binary safe: Pads with as many "00" necessary to fill the block. If the last block is a full block and blocksize is 8, a block of "0000000000000000" will be appended.
-padding => 'space' - Text only, not binary safe: Pads with as many "20" necessary to fill the block. If the last block is a full block and blocksize is 8, a block of "2020202020202020" will be appended.
-padding => 'none': No padding added. Useful for special-purpose applications where you wish to add custom padding to the message.
Based on these descriptions, I think we should always go with the 'standard' option, which is the well known padding standard, PKCS#5. It is easy to use, binary safe, and supported by many encryption tools.
See the next tutorial for an example Perl script showing how different padding options works.
Table of Contents
Installing Crypt::CBC 2.33 with ActivePerl
Crypt::CBC Encryption with Literal Keys
Crypt::CBC Literal Key Error Cases
Crypt::CBC Encryption with Crypt::Blowfish Objects
Crypt::CBC Operation Simulation
Crypt::CBC Encryption Verification
Blowfish CBC 2-Block Test Vectors
Crypt::CBC Prepending IV to Ciphertext
Crypt::CBC Encryption with Salted Keys
Crypt::CBC Salted Key Test Cases
Crypt::CBC Secret Key and IV Algorithm
Crypt::CBC Encryption with Random Salt
Crypt::CBC Padding Option Tests
Crypt::CBC Blowfish Encryption Summary
OpenSSL "enc -bf-ecb" for Blowfish/ECB Encryption
OpenSSL "enc -bf-cbc" for Blowfish/CBC Encryption
OpenSSL "enc -bf-cfb" for Blowfish/CFB Encryption
OpenSSL "enc -bf-ofb" for Blowfish/OFB Encryption