Shobhit Kanaujia wrote: > > Hello everyone, > > I am using the command > openssl enc -des ........... > for encryption. > I am wondering whether there is any flaw in openssl or in my thinking, > because I gave it exactly 128 bits to encrypt and it gives me 128+64 bits as > the result. I thought that 128 bits should give me 128 bits of encrypted > text. > I was thinking that openssl would pad the input so that it ends on a 64 bit > boundary, and so it should not pad the 128 bit input. But it seems that it > does pad it with 64 bits. > The data is padded following the rules of 'standard block padding' which are described in a number of places including PKCS#5 and PKCS#7. The development version of OpenSSL has an option to turn padding off, which will be in OpenSSL 0.9.7. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Celo Communications: http://www.celocom.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
