PKCS#7
The rules for PKCS padding are very simple:
Padding bytes are always added to the clear text before it is encrypted.
Each padding byte has a value equal to the total number of padding bytes that are added. For example, if 6 padding bytes must be added, each of those bytes will have the value 0x06.
The total number of padding bytes is at least one, and is the number that is required in order to bring the data length up to a multiple of the cipher algorithm block size.
AES, for example, has a cipher block size of 16 bytes. The total number of padding bytes added to the clear text will always be between 1 and 16.
| Value of clear text length | Number of bytes added | Value of each padding byte |
|---|---|---|
0 | 16 | 0x10 |
1 | 15 | 0x0F |
2 | 14 | 0x0E |
3 | 13 | 0x0D |
4 | 12 | 0x0C |
5 | 11 | 0x0B |
6 | 10 | 0x0A |
7 | 9 | 0x09 |
8 | 8 | 0x08 |
9 | 7 | 0x07 |
10 | 6 | 0x06 |
11 | 5 | 0x05 |
12 | 4 | 0x04 |
13 | 3 | 0x03 |
14 | 2 | 0x02 |
15 | 1 | 0x01 |
Last updated