Editing Padding (cryptography) (section)

====Byte padding====

Byte padding can be applied to messages that can be encoded as an integral number of [[byte]]s.

=====ANSI X9.23=====

In ANSI X9.23, between 1 and 8 bytes are always added as padding. The block is padded with random bytes (although many implementations use 00) and the last byte of the block is set to the number of bytes added.<ref>{{cite web |title=ANSI X9.23 cipher block chaining |url=https://www.ibm.com/support/knowledgecenter/en/linuxonibm/com.ibm.linux.z.wskc.doc/wskc_c_l0wskc58.html |website=IBM Knowledge Center |publisher=IBM |access-date=31 December 2018}}</ref>

Example:
In the following example the block size is 8 bytes, and padding is required for 4 bytes (in hexadecimal format)

 ... | DD DD DD DD DD DD DD DD | DD DD DD DD '''00 00 00 04''' |

=====ISO 10126=====

ISO 10126 (withdrawn, 2007<ref>[http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=18113 ISO catalog, ''ISO 10126-1:1991'']</ref><ref>[http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=18114 ISO catalog, ''ISO 10126-2:1991'']</ref>) specifies that the padding should be done at the end of that last block with random bytes, and the padding boundary should be specified by the last byte.

Example:
In the following example the block size is 8 bytes and padding is required for 4 bytes

 ... | DD DD DD DD DD DD DD DD | DD DD DD DD '''81 A6 23 04''' |

=====PKCS#5 and PKCS#7=====
[[PKCS|PKCS#7]] is described in [https://tools.ietf.org/html/rfc5652#section-6.3 RFC 5652].

Padding is in whole bytes.  The value of each added byte is the number of bytes that are added, i.e. {{Var|N}} bytes, each of value {{Var|N}} are added.  The number of bytes added will depend on the block boundary to which the message needs to be extended.

The padding will be one of:

 01
 02 02
 03 03 03
 04 04 04 04
 05 05 05 05 05
 06 06 06 06 06 06
 etc.

This padding method (as well as the previous two) is well-defined if and only if {{Var|N}} is less than 256.

Example:
In the following example, the block size is 8 bytes and padding is required for 4 bytes

 ... | DD DD DD DD DD DD DD DD | DD DD DD DD '''04 04 04 04''' |

If the length of the original data is an integer multiple of the block size {{Var|B}}, then an extra block of bytes with value {{Var|B}} is added. This is necessary so the deciphering algorithm can determine with certainty whether the last byte of the last block is a pad byte indicating the number of padding bytes added or part of the plaintext message. Consider a plaintext message that is an integer multiple of {{Var|B}} bytes with the last byte of plaintext being '''01'''. With no additional information, the deciphering algorithm will not be able to determine whether the last byte is a plaintext byte or a pad byte. However, by adding {{Var|B}} bytes each of value {{Var|B}} after the '''01''' plaintext byte, the deciphering algorithm can always treat the last byte as a pad byte and strip the appropriate number of pad bytes off the end of the ciphertext; said number of bytes to be stripped based on the value of the last byte.

PKCS#5 padding is identical to PKCS#7 padding, except that it has only been defined for block ciphers that use a 64-bit (8-byte) block size. In practice, the two can be used interchangeably.

The maximum block size is 255, as it is the biggest number a byte can contain.

=====ISO/IEC 7816-4=====

[[ISO/IEC 7816]]-4:2005<ref>[http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=36134 ISO catalog, ''ISO/IEC 7816-4:2005'']</ref> is identical to the bit padding scheme, applied to a plain text of ''N'' bytes. This means in practice that the first byte is a mandatory byte valued '80' (Hexadecimal) followed, if needed, by 0 to ''N''&nbsp;−&nbsp;1 bytes set to '00', until the end of the block is reached. ISO/IEC 7816-4 itself is a communication standard for smart cards containing a file system, and in itself does not contain any cryptographic specifications.

Example:
In the following example the block size is 8 bytes and padding is required for 4 bytes

 ... | DD DD DD DD DD DD DD DD | DD DD DD DD '''80 00 00 00''' |

The next example shows a padding of just one byte

 ... | DD DD DD DD DD DD DD DD | DD DD DD DD DD DD DD '''80''' |

=====Zero padding=====

All the bytes that are required to be padded are padded with zero. The zero padding scheme has not been standardized for encryption,{{citation needed|date=August 2013}} although it is specified for hashes and MACs as Padding Method 1 in ISO/IEC 10118-1<ref>[https://www.iso.org/standard/64213.html ISO/IEC 10118-1:2016 ''Information technology – Security techniques – Hash-functions – Part 1: General'']</ref> and [[ISO/IEC 9797-1]].<ref>[https://www.iso.org/standard/50375.html ISO/IEC 9797-1:2011 ''Information technology – Security techniques – Message Authentication Codes (MACs) – Part 1: Mechanisms using a block cipher'']</ref>

Example:
In the following example the block size is 8 bytes and padding is required for 4 bytes

 ... | DD DD DD DD DD DD DD DD | DD DD DD DD '''00 00 00 00''' |

Zero padding may not be reversible if the original file ends with one or more zero bytes, making it impossible to distinguish between plaintext data bytes and padding bytes. It may be used when the length of the message can be derived [[Out-of-band data|out-of-band]]. It is often applied to binary encoded{{clarify |date=March 2020 |reason= What other kind of string is there, other than binary encoded?}} [[String (computer science)|strings]] ([[null-terminated string]]) as the [[null character]] can usually be stripped off as [[Whitespace character|whitespace]].

Zero padding is sometimes also referred to as "null padding" or "zero byte padding". Some implementations may add an additional block of zero bytes if the plaintext is already divisible by the block size.{{citation needed|date=August 2013}}