Crypto-IT

Padding standards are mechanisms for appending some predefined values to messages. They are used with algorithms which deal with blocks of data. Typical examples of such operations are block symmetric ciphers and MAC algorithms. These algorithms work on the whole data blocks. Therefore, if a message length is not a multiple of the block size, a stardard for adding some number of bytes to the end of the message is required.

The information which padding standard has been used, must be provided to the receiver. This allows them to determine (after decrypting the ciphertext) where the original message ends, and the unimportant pad bytes starts.

All the padding standards defined below work in a similar way. They describe which values should be appended to the message, to fill up the last block.

Using padding is a convenient way of making sure that encrypted data is of the correct size. The only drawback is the fact that even if the original message contains the correct number of bytes (a multiple of the block size), some padding must be added to fulfil the process and make sure that the receiver would be able to understand the message. Usually, a new dummy block must be added which will contain only the padding bytes.

There are a few padding types described below. The first two paddings are based on bits, whereas the others are based on bytes.

A single 1 bit is appended to the data. Then, all other bits of the padding (if any are required) are zeros.

This padding scheme is defined in ISO/IEC 9797-1 documentation.

If the data ends in a 0 bit, all the padding bits will be ones. If the data ends in a 1 bit, all the padding bits will be zeros.

The value of each pad byte is the total number of bytes that are added. Of course, the total number of pad bytes depends on the block size.

For example, if the message is 3 bytes shorter than an integer multiple of the block size, then 3 pad bytes should be added, each of them of value 3. If 5 bytes should be added, then each of them should be 5.

The first byte of the padding is 0x80. All other bytes of the padding are zeros. Such construction allows to create paddings of any size.

The padding mechanism is defined in ISO/IEC 7816-4 documentation.

The last byte of the padding (thus, the last byte of the block) is the number of pad bytes. All other bytes of the padding are some random data.

The padding mechanism is defined in ISO 10126-2 documentation.

The last byte of the padding (thus, the last byte of the block) is the number of pad bytes. All other bytes of the padding are zeros.

The padding mechanism is defined in the ANSI X9.23 standard.

All padding bytes are zeros. This type of padding is rather unreliable (what if the data ends with zeros?) and should be use only if necessary in legacy applications.