CFB mode has a block size of 1 byte (it's similar to a stream cipher),
i.e. can work on arbitrary byte lengths, and thus does /not/ require
padding. (The encrypted length should be either equal to the plaintext
length (when using a predetermined IV) or IV-length (1 block) +
plaintext length.) It is strongly advised to use one-time IVs, i.e. not
use IVs for multiple messages in CFB mode.

CBC (and ECB) mode is where you need padding as that mode works on
entire blocks only.


AFAICT there's no 'openssl enc' option to pick an optional padding (or
a particular padding mode at that) for CFB. And simply calling the
EVP_CIPHER_CTX_set_padding() in your own code wouldn't help either as
CFB is a stream cipher and the OpenSSL EVP API recognizes this and
thus does no padding, ever. If you want to pad to some arbitrary
length unit anyway, this has got to be done in the application layer.
In OpenSSL commandline terms this means you have to provide the
already 'padded' plaintext data for CFB.

(Note: for **other** modes the EVP layer may do the padding like you
mention for Java, e.g. when using AES in CBC mode, where the pad bytes
will conform to PKCS5 padding, i.e. all have a value equal to the
padded gap length. When padding is enabled in the EVP interface, the
minimal padding width is 1 byte for any ciphers/modes which require an
input blocksize > 1. Just recall that padding is a rather
CBC/ECB-specific thing.)


commandline similar to:
openssl enc -aes-128-cfb -e -in in.txt -out out.bin -K <key> -iv <iv>



On Sat, Mar 21, 2009 at 5:17 AM, Philippe Laflamme
<philippe.lafla...@gmail.com> wrote:
> Hi,
>
> I'm successfully using Java to encrypt data and OpenSSL to decrypt it. The
> issue I'm having is that the decrypted file is left with the padding bytes
> at the end. I can't figure out what I'm doing wrong.
>
> -Parameters-
> Algorithm: AES
> Mode: CFB
> Padding: PKCS5
>
> Input file is 65373 bytes, the resulting cipher text after Java has
> encrypted it is 65376 bytes.
>
> Using OpenSSL to decrypt results in a file size of 65376 bytes. I can
> clearly see the padding bytes at the end of the file (0x03 0x03 0x03).
>
> If I use OpenSSL to encrypt the same file, it results in a file of 65373
> bytes. I expected 65376 since 65373 is not a multiple of 128. Shouldn't
> OpenSSL be padding the file?
>
> Is Java or OpenSSL not doing its job correctly? Am I supposed to strip
> these bytes myself? I'm using openssl on the command line, is there an
> option to pass to "openssl enc" ?
>
> Thanks!
> Philippe
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
>



-- 
Met vriendelijke groeten / Best regards,

Ger Hobbelt

--------------------------------------------------
web:    http://www.hobbelt.com/
        http://www.hebbut.net/
mail:   g...@hobbelt.com
mobile: +31-6-11 120 978
--------------------------------------------------
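
The application-layer padding discussed in this thread, as an added example that is not part of the original messages or of OpenSSL: Python helpers that apply and strip PKCS#5/PKCS#7 padding around data passed through `openssl enc -aes-128-cfb`. The function names, the 16-byte pad unit (inferred from the 65373 to 65376 byte sizes in the thread) and the sample data are assumptions.

```python
import os

BLOCK = 16  # assumed pad unit: the AES block size, matching 65373 -> 65376 in the thread


class PaddingError(ValueError):
    """Raised when trailing bytes are not well-formed PKCS#5/PKCS#7 padding."""


def pkcs7_pad(data: bytes, block: int = BLOCK) -> bytes:
    """Append n bytes of value n (1 <= n <= block) so the length is a multiple of block."""
    if not 1 <= block <= 255:
        raise ValueError("pad unit must fit in one byte")
    n = block - len(data) % block  # aligned input still gets a full block of padding
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes, block: int = BLOCK) -> bytes:
    """Validate and strip padding; never just trust the final byte."""
    if not data or len(data) % block:
        raise PaddingError("length is not a positive multiple of the pad unit")
    n = data[-1]
    if not 1 <= n <= block or data[-n:] != bytes([n]) * n:
        raise PaddingError("malformed padding")
    return data[:-n]


def strip_file_padding(path: str, block: int = BLOCK) -> int:
    """Strip padding from a decrypted file in place, reading only its last block.

    Returns the number of pad bytes removed."""
    size = os.path.getsize(path)
    if size == 0 or size % block:
        raise PaddingError("file size is not a positive multiple of the pad unit")
    with open(path, "r+b") as f:
        f.seek(size - block)
        n = block - len(pkcs7_unpad(f.read(block), block))
        f.truncate(size - n)
    return n


if __name__ == "__main__":
    plain = bytes(65373)  # constructed sample with the thread's input size
    padded = pkcs7_pad(plain)
    print(len(padded), padded[-3:].hex())
    assert pkcs7_unpad(padded) == plain
```

Run `pkcs7_pad` on the plaintext before `openssl enc -aes-128-cfb -e`, or `strip_file_padding` on the output of the matching `-d` run when the peer (such as the Java side in this thread) padded before encrypting.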