Editing Padding (cryptography) (section)

=====PKCS#5 and PKCS#7=====
[[PKCS|PKCS#7]] is described in [https://tools.ietf.org/html/rfc5652#section-6.3 RFC 5652].

Padding is in whole bytes.  The value of each added byte is the number of bytes that are added, i.e. {{Var|N}} bytes, each of value {{Var|N}} are added.  The number of bytes added will depend on the block boundary to which the message needs to be extended.

The padding will be one of:

 01
 02 02
 03 03 03
 04 04 04 04
 05 05 05 05 05
 06 06 06 06 06 06
 etc.

This padding method (as well as the previous two) is well-defined if and only if {{Var|N}} is less than 256.

Example:
In the following example, the block size is 8 bytes and padding is required for 4 bytes

 ... | DD DD DD DD DD DD DD DD | DD DD DD DD '''04 04 04 04''' |

If the length of the original data is an integer multiple of the block size {{Var|B}}, then an extra block of bytes with value {{Var|B}} is added. This is necessary so the deciphering algorithm can determine with certainty whether the last byte of the last block is a pad byte indicating the number of padding bytes added or part of the plaintext message. Consider a plaintext message that is an integer multiple of {{Var|B}} bytes with the last byte of plaintext being '''01'''. With no additional information, the deciphering algorithm will not be able to determine whether the last byte is a plaintext byte or a pad byte. However, by adding {{Var|B}} bytes each of value {{Var|B}} after the '''01''' plaintext byte, the deciphering algorithm can always treat the last byte as a pad byte and strip the appropriate number of pad bytes off the end of the ciphertext; said number of bytes to be stripped based on the value of the last byte.

PKCS#5 padding is identical to PKCS#7 padding, except that it has only been defined for block ciphers that use a 64-bit (8-byte) block size. In practice, the two can be used interchangeably.

The maximum block size is 255, as it is the biggest number a byte can contain.