■50495 / inTopicNo.4)
Re[3]: AES decryption
□Posted by/ れい (928 posts)-(2010/06/08(Tue) 20:20:37)
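■In reply to No50492 (mick)
> So data padded with PKCS#5 can be unpadded with PKCS#7, right?
Yes. As far as padding is concerned, PKCS#7 is the superset.
> I searched for the detailed padding specification but could not easily find it
The detailed specification is what you find in the specification documents. The specifications for PKCS#5/#7 are RFCs. I will quote only the padding parts.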
PKCS#5 http://tools.ietf.org/rfc/rfc2898.txt
Item 4 of 6.1.1 Encryption Operation.
4. Concatenate M and a padding string PS to form an encoded message EM:
EM = M || PS ,
where the padding string PS consists of 8-(||M|| mod 8) octets each with value 8-(||M|| mod 8). The padding string PS will satisfy one of the following statements:
PS = 01, if ||M|| mod 8 = 7 ;
PS = 02 02, if ||M|| mod 8 = 6 ;
...
PS = 08 08 08 08 08 08 08 08, if ||M|| mod 8 = 0.
The length in octets of the encoded message will be a multiple of eight and it will be possible to recover the message M unambiguously from the encoded message. (This padding rule is taken from RFC 1423 [3].)
PKCS#7 http://tools.ietf.org/rfc/rfc2315.txt
Item 2 of 10.3 Content-encryption process.
2. Some content-encryption algorithms assume the input length is a multiple of k octets, where k > 1, and let the application define a method for handling inputs whose lengths are not a multiple of k octets. For such algorithms, the method shall be to pad the input at the trailing end with k - (l mod k) octets all having value k - (l mod k), where l is the length of the input. In other words, the input is padded at the trailing end with one of the following strings:
01 -- if l mod k = k-1
02 02 -- if l mod k = k-2
.
.
.
k k ... k k -- if l mod k = 0
The padding can be removed unambiguously since all input is padded and no padding string is a suffix of another. This padding method is well-defined if and only if k < 256; methods for larger k are an open issue for further study.
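The two padding rules quoted in the post above, as an added Python example (not part of the original post and not code from either RFC). It implements the RFC 2315 rule for a general block size k and the RFC 2898 rule as the k = 8 case, and removes padding with validation. The function names and sample messages are assumptions made for this example.

```python
# Added example: PKCS#7 padding for block size k; PKCS#5 is the k = 8 case.
# Function names are hypothetical and the sample messages are constructed.

def pkcs7_pad(data: bytes, k: int) -> bytes:
    """Append k - (l mod k) octets, each of value k - (l mod k) (RFC 2315, 10.3)."""
    if not 1 < k < 256:
        raise ValueError("block size k must satisfy 1 < k < 256")
    n = k - (len(data) % k)          # 1..k, so padding is always added
    return data + bytes([n]) * n

def pkcs5_pad(data: bytes) -> bytes:
    """RFC 2898 6.1.1 step 4: the same rule with the block size fixed at 8."""
    return pkcs7_pad(data, 8)

def pkcs7_unpad(padded: bytes, k: int) -> bytes:
    """Validate and strip the padding; every malformed input raises the same error."""
    if not 1 < k < 256:
        raise ValueError("block size k must satisfy 1 < k < 256")
    err = ValueError("invalid padding")
    if len(padded) == 0 or len(padded) % k != 0:
        raise err                    # padded data is always a whole number of blocks
    n = padded[-1]                   # the last octet states the padding length
    if n < 1 or n > k:
        raise err
    if padded[-n:] != bytes([n]) * n:
        raise err                    # all n trailing octets must carry the value n
    return padded[:-n]

def demo():
    """Pad constructed messages both ways and confirm the round trip."""
    results = {}
    for msg in (b"", b"ABCDEFG", b"ABCDEFGH", b"0123456789abcde"):
        p5 = pkcs5_pad(msg)          # PKCS#5, 8-octet blocks
        p16 = pkcs7_pad(msg, 16)     # PKCS#7 with the 16-octet AES block size
        assert pkcs7_unpad(p5, 8) == msg    # PKCS#7 unpadding removes PKCS#5 padding
        assert pkcs7_unpad(p16, 16) == msg
        results[msg] = (p5.hex(), p16.hex())
    return results

if __name__ == "__main__":
    for msg, (p5, p16) in demo().items():
        print(msg, p5, p16)
```
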