Re: Rijndael decryption question

thore · ‎07-22-2005

I'm trying to decrypt a file that was encrypted with Rijndael in CBC mode and PKCS7 padding. I can decrypt and get the plaintext, but I don't see a way to figure out exactly how much valid data was decrypted. It looks as if the PKCS7 padding isn't decrypted into the decryption buffer, so I can't use the last byte of the decrypted data to determine how many bytes to strip off the end.

Do I really have to know the size of the plaintext before I decrypt? That kind of defeats the purpose of PKCS7 padding, so I hope that's not the case.

thore · ‎07-22-2005

Well, I found the problem, it was with the encryption. The last block was incorrect.

That brings me to another question, though. When encrypting Rijndael with PKCS7 padding in IPP, what happens if the plaintext is divisible by the blocksize? Is another block added at the end, like the .NET Rijndael class does? In other words, .NET ensures that one can always use the last byte in the decrypted plaintext to know how many bytes to trim from the end, even when the plaintext length is divisible by the block size.

There should probably be some mention in the documentation about this, and also about how big the destination buffer must be for the encryption. To add the padding it needs to be bigger than the plaintext.