-
Notifications
You must be signed in to change notification settings - Fork 55
Padding
Many cryptographic operations are based on "blocks" that have a predefined size (e.g. 40 bits). When the data you need to transform (whether encrypt, sign, etc.) is not guaranteed to exactly fit an integer multiple of the predefined block size, you need to use an algorithm with "padding". Padding adds a recognizable trail of bits to the end of your untransformed data so that it will always fit exactly into some integer number of blocks, such that when you reverse the cryptographic operation, the padding is recognized and automatically removed so that you get the data you expect.
Padding is designed to not compromise the value of the cryptographic operation. For example, when padding data that is to be encrypted, the ciphertext does not reveal how many bits were added as padding and does not make the key more vulnerable.
To use padding, pick an algorithm whose name includes the name of a padding algorithm. A popular one is Pkcs. For example for symmetric encryption, the AesCbcPkcs7 algorithm includes padding.