On Thu, Feb 09, 2006, Dave wrote: > Hi, > I am performing an AES encryption with 16 bytes of data with a 128 > bit key, CBC mode, and PKCS5 padding enabled through OpenSSL 0.9.8a. > When trying to decrypt the data (with different code), I was receiving > padding errors, so I decrypted the data without padding to take a look > > Turns out the pad byte was computed correctly (16), but was only > applied to the last 8 bytes (maybe the AES block size of 16 is being > ignored?): > > (32) 66, 66, 83, 101, 110, 100, 101, 114, 67, 45, 48, 45, 49, 48, 48, > 49, -57, 37, 16, -82, 115, -25, 23, 96, 16, 16, 16, 16, 16, 16, 16, > 16, > > this of course, should be: > > (32) 66, 66, 83, 101, 110, 100, 101, 114, 67, 45, 48, 45, 49, 48, 48, > 49, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, >
Well it works OK on the command line: echo -n 0123456789abcdef | openssl enc -aes-128-cbc -pass pass:hello -nosalt | openssl enc -aes-128-cbc -d -pass pass:hello -nosalt -nopad | hd 00000000 30 31 32 33 34 35 36 37 38 39 61 62 63 64 65 66 |0123456789abcdef| 00000010 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 |................| 00000020 Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
