>From: owner-openssl-us...@openssl.org On Behalf Of Hailei Hu >Sent: Thursday, 13 December, 2012 06:27
>Thanks to your reply. >The first solution: >"you can set the length parameter on the decrypt operation to be 16 which will >provide you with a result that is your original 10 bytes plus 6 bytes of >zeros, which you can then remove" >I think it may be a problem when the file is encrypted by other person, >because I do not konw the original size, and thus >I do not know how many bytes to remove. That's what padding schemes are for. Padding with zeros, if that's indeed what you have, only works for data that never ends with zeros, so you strip all trailing zeros (up to a block). Precisely because this doesn't work for all data it has fallen out of favor. The popular padding today (and the default for EVP) is PKCS#5/7, which is unambiguous for any data. http://en.wikipedia.org/wiki/Padding_(cryptography) >The second one I think would be a great solution.Thanks again. >On Wed, Dec 12, 2012 at 10:25 PM, engineereeyore <mar...@ece.unm.edu> wrote: > The problem is that aes_cbc is a block cipher and works on 16-byte blocks, > typically. By default, any data block that is less than this size is > padded, as is the case for you. Since you're only sending in 10 bytes, your > 10 bytes are being padded with zeros to make the block 16 bytes. > So, to answer your question, you can do one of two things. First, you can > set the length parameter on the decrypt operation to be 16 which will > provide you with a result that is your original 10 bytes plus 6 bytes of > zeros, which you can then remove. The better approach would be to specify > "no padding" in your structure. This can be done using the function > EVP_CIPHER_CTX_set_padding. Set the padding parameter to zero and your > output should always be the same length as your inputs. Only works if the data is (always) an exact multiple of the block size. If that's the case, yes, it preserves the size. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
