0

How can padding be disambiguated from data, when encrypting using a block cipher?

I'm by no means an expert in cryptography, but rather a programmer with a keen interest.

Suppose I have X bytes of data, message M, that I want to encrypt using an N-byte block cipher, where N >> X.

How can M be padded using N-X bytes of padding O, such that there would be no ambiguity between decrypting the padded message and the (concatenated) message M|O?

How is this done in practice? Normally, when encrypting using a block cipher, I don't see a header being output describing the original length of the message M?

Shuzheng

1 Answer

4

The usual padding for block ciphers ("PKCS#7 padding") is not a sequence of zeroes, but a sequence of P = N - (X % N) bytes each with value P.

If the message is a multiple of the block size, then a full block of padding is added (where each byte value is the block size).

For example, if the message is 15 bytes long and the block size is 16 bytes, then one byte of padding will be added, and the value of the byte is 1. If the message is 14 bytes long, two bytes with value 2 will be added. If the message is 16 bytes long, sixteen bytes with value 16 will be added.

With these rules, the padding is unambiguous.

Conrado
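The padding rule from the answer above, as an added example that is not part of the original post: it implements PKCS#7 pad and unpad and compares them with zero padding, which maps two different messages to the same padded block. The function names (`pkcs7_pad`, `pkcs7_unpad`, `zero_pad`, `demo`) and the sample messages are constructed for illustration.

```python
# Added example: PKCS#7 padding next to zero padding (constructed inputs).

def pkcs7_pad(msg: bytes, n: int) -> bytes:
    """Append P = n - (len(msg) % n) bytes, each with value P (1 <= P <= n)."""
    if not 1 <= n <= 255:
        raise ValueError("block size must fit in one byte")
    p = n - (len(msg) % n)
    return msg + bytes([p]) * p

def pkcs7_unpad(padded: bytes, n: int) -> bytes:
    """Read P from the last byte, check all P trailing bytes, strip them."""
    if not padded or len(padded) % n != 0:
        raise ValueError("length is not a positive multiple of the block size")
    p = padded[-1]
    if not 1 <= p <= n or padded[-p:] != bytes([p]) * p:
        raise ValueError("invalid padding")
    return padded[:-p]

def zero_pad(msg: bytes, n: int) -> bytes:
    """Ambiguous scheme for comparison: fill the last block with 0x00."""
    return msg + b"\x00" * (-len(msg) % n)

def demo(n: int = 16) -> dict:
    a = b"PIN=1234"        # constructed message
    b = b"PIN=1234\x00"    # same message plus one trailing zero data byte
    full = b"A" * n        # exactly one block long
    return {
        # Zero padding cannot tell a from b after decryption.
        "zero_collides": zero_pad(a, n) == zero_pad(b, n),
        # PKCS#7 keeps them distinct because the pad value encodes its length.
        "pkcs7_collides": pkcs7_pad(a, n) == pkcs7_pad(b, n),
        # A block-aligned message gains a whole extra block of padding.
        "full_block_len": len(pkcs7_pad(full, n)),
        "roundtrip": all(pkcs7_unpad(pkcs7_pad(m, n), n) == m
                         for m in (a, b, full, b"")),
    }

if __name__ == "__main__":
    print(demo())
```

In a real decryptor, verify a MAC or use an AEAD mode before unpadding, so that the padding check cannot be observed as a separate error by whoever submits ciphertexts.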