PKCS#7
Last updated
Last updated
The rules for PKCS padding are very simple:
Padding bytes are always added to the clear text before it is encrypted.
Each padding byte has a value equal to the total number of padding bytes that are added. For example, if 6 padding bytes must be added, each of those bytes will have the value 0x06.
The total number of padding bytes is at least one, and is the number that is required in order to bring the data length up to a multiple of the cipher algorithm block size.
AES, for example, has a cipher block size of 16 bytes. The total number of padding bytes added to the clear text will always be between 1 and 16.
Value of clear text length | Number of bytes added | Value of each padding byte |
---|---|---|
0
16
0x10
1
15
0x0F
2
14
0x0E
3
13
0x0D
4
12
0x0C
5
11
0x0B
6
10
0x0A
7
9
0x09
8
8
0x08
9
7
0x07
10
6
0x06
11
5
0x05
12
4
0x04
13
3
0x03
14
2
0x02
15
1
0x01