Johannes Bauer wrote:
Hello list,
I'm having trouble with the openssl enc feature. This here:
echo -n '0123456789abcde' | openssl enc -aes128 -nosalt -K 00112233445566778899aabbccddeeff -iv 00000000000000000000000000000000 | wc -c
(encoding 15 characters) results in one result block being generated: The
command results in 16 (exactly one block). However, when encrypting a full
block:
echo -n '0123456789abcdef' | openssl enc -aes128 -nosalt -K 00112233445566778899aabbccddeeff -iv 00000000000000000000000000000000 | wc -c
Then two result blocks are generated (the result is 32). Why is this? A full 16
byte block should IMHO always translate to a 16 byte block in AES-128.
What's wrong here?
Regards,
Joe
Use the -nopad switch to tell the tool to not use any padding. e.g.
echo -n '0123456789abcdef' | openssl enc -nopad -aes128 -nosalt -K 00112233445566778899aabbccddeeff -iv 00000000000000000000000000000000 | wc -c
By default all data is padded, even a full block. If full blocks were
not padded, the other side wouldn't know if padding was used or not. It
can't look at the data to see if it looks like padded data because the
original payload might already look like padding data and would cause
the receiver to wrongly deduce that padding exists when it doesn't. The
way around that problem is to pad everything, even full blocks.
Dimitris
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
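
The padding argument in the reply above, as an added example that is not part of the original thread: it models the PKCS#7-style padding rule that openssl enc applies by default (no AES involved, since in CBC mode the ciphertext length equals the padded length) next to a hypothetical "pad only when needed" scheme. The names lazy_pad, lazy_unpad and the sample inputs are assumptions made for illustration.

```python
BLOCK = 16  # AES block size in bytes

def pkcs7_pad(data: bytes) -> bytes:
    """Always append 1..BLOCK bytes, each holding the pad length."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def pkcs7_unpad(padded: bytes) -> bytes:
    """Strip the padding, rejecting anything that is not well formed."""
    if not padded or len(padded) % BLOCK:
        raise ValueError("length is not a positive multiple of the block size")
    n = padded[-1]
    if not 1 <= n <= BLOCK or padded[-n:] != bytes([n]) * n:
        raise ValueError("malformed padding")
    return padded[:-n]

def lazy_pad(data: bytes) -> bytes:
    """Hypothetical scheme: pad only when the input is not block aligned."""
    return data if len(data) % BLOCK == 0 else pkcs7_pad(data)

def lazy_unpad(padded: bytes) -> bytes:
    """Receiver for lazy_pad: must guess from the tail whether padding exists."""
    n = padded[-1] if padded else 0
    if 1 <= n <= BLOCK and padded[-n:] == bytes([n]) * n:
        return padded[:-n]
    return padded

# Constructed sample inputs: the two strings from the thread, plus a full
# block whose last byte happens to be 0x01.
SHORT = b"0123456789abcde"        # 15 bytes
FULL = b"0123456789abcdef"        # 16 bytes
TRICKY = b"0123456789abcde\x01"   # 16 bytes, looks like SHORT + padding

if __name__ == "__main__":
    for msg in (SHORT, FULL, TRICKY):
        padded = pkcs7_pad(msg)
        print(len(msg), "->", len(padded), "round trip ok:", pkcs7_unpad(padded) == msg)
    print("lazy collision:", lazy_pad(SHORT) == lazy_pad(TRICKY))
    print("lazy receiver returns:", lazy_unpad(lazy_pad(TRICKY)))
```

With the lazy scheme two different plaintexts produce the same padded block, so the receiver silently drops the last byte of the 16-byte one; always padding removes that ambiguity at the cost of one extra block for aligned input.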