How to unpad PKCS#7 / PKCS#5 padding?
Question:
I would like to for help with using the cryptography.hazmat.primitives.padding.PKCS7 Python class.
After decryption I’m getting the string 453947000000197708080808, when the plaintext should be 4539470000001977. According to our development team, the plaintext should be padded with PKCS#5 padding. So I searched for this class, but could not get it to work.
I could also do it manually by taking the last 2 digits, converting them to an integer, multiplying it by 2 and cutting the string from right by that number. However, I would prefer to do the unpadding using functions from the same package that I used for decryption.
Answers:
The characters that you are seeing are a hexadecimal representation of the binary bytes. What you have are 12 bytes with the given value, ending with four bytes valued 8. There are however some things that are seriously wrong with that output:
- for PKCS#7 padding, which you would expect, the result should be eight bytes valued
08 or four bytes valued 04;
- for a 8 or 16 byte block cipher you would expect 16 bytes as result;
I’m therefore expecting that you left out 4 bytes of the result. Otherwise the decryption would not have succeeded: the input for CBC or ECB decryption has to be a multiple of eight or 16 bytes, or an error should be generated.
Generally the unpadding doesn’t have to be performed separately. The padding is usually configured for the ECB or CBC modes of operation. And generally, the PKCS#7 unpadding is the default for ECB and CBC (e.g. in Java and OpenSSL).
In case you are wondering, I’ve described the differences between PKCS#5 and PKCS#7 padding here on Cryptography.
I would like to for help with using the cryptography.hazmat.primitives.padding.PKCS7 Python class.
After decryption I’m getting the string 453947000000197708080808, when the plaintext should be 4539470000001977. According to our development team, the plaintext should be padded with PKCS#5 padding. So I searched for this class, but could not get it to work.
I could also do it manually by taking the last 2 digits, converting them to an integer, multiplying it by 2 and cutting the string from right by that number. However, I would prefer to do the unpadding using functions from the same package that I used for decryption.
The characters that you are seeing are a hexadecimal representation of the binary bytes. What you have are 12 bytes with the given value, ending with four bytes valued 8. There are however some things that are seriously wrong with that output:
- for PKCS#7 padding, which you would expect, the result should be eight bytes valued
08or four bytes valued04; - for a 8 or 16 byte block cipher you would expect 16 bytes as result;
I’m therefore expecting that you left out 4 bytes of the result. Otherwise the decryption would not have succeeded: the input for CBC or ECB decryption has to be a multiple of eight or 16 bytes, or an error should be generated.
Generally the unpadding doesn’t have to be performed separately. The padding is usually configured for the ECB or CBC modes of operation. And generally, the PKCS#7 unpadding is the default for ECB and CBC (e.g. in Java and OpenSSL).
In case you are wondering, I’ve described the differences between PKCS#5 and PKCS#7 padding here on Cryptography.