> From: owner-openssl-us...@openssl.org On Behalf Of aniluvce06 > Sent: Thursday, 25 April, 2013 07:31
> This is Anil. I have few questions related to AES encryption: > 1. Does the size of encrypted data depends on the size of the plain > text(considering plain text <= block size) ? > Ex: If AES-128 is used to encrypt the data , input_data > = 10 bytes input_data = 12 bytes > Is it expected that encrypted data size is > different in both the cases ? For AES itself (with any key size), not a mode of AES, plaintext is always 16 bytes and so is ciphertext. > 2. I am using the below mentioned api's to encrypt > plaintext. I provide 16 > byte AES key, 16 byte chunks of the input (tot length 64 > bytes padded with > zeroes if needed). Ideally the encrypted output len is 16 > bytes for each block of input. Yes AES_encrypt is the low-level (no-mode) primitive and 16-byte blocks are correct. Depending on your data padding with zeros may or may not be reversible. The most commonly used padding (PKCS#5) is reversible always, but expands the ciphertext for all inputs instead of only 15/16 of them. > In case of some inputs like (see below) the encrypted output > is 13 bytes instead of 16. > What makes you think that? The input is 16 bytes (which if you didn't set all 16 may include garbage left over in memory) and the output is 16 bytes. > Input strings "ffffffff00000000000000000000" or > ""ffffffffffffffffffff00000000". The same works fine for other string > patterns that match the same length like "aaaaaaaa000..." > Are those hex or ASCII? I.e. do you have 8 bytes each containing the letter f which is byte 0x66, or 4 bytes each containing 0xff, and so on? > Api's used <openssl/aes.h> > AES_encrypt(const unsigned char *in, unsigned char *out, > const AES_KEY > *key); > The AES_KEY used is 16 bytes and is set using > AES_set_encrypt_key(const > unsigned char *userKey, const int bits, AES_KEY *key); > Key used 0102030405060708090a0b0c0d0e0f1f > In general same question, but this is only 128-bits as claimed if it's hex so I assume it's hex. If I assume the data 8x"f"+8x"0" is ASCII, and the key given is hex, the encrypted value is hex A201_2F59 898D_3763 0C69_7100 D2D8_57B7 . Note this contains a zero byte at location 11. If you try to treat this binary data as a C string, which it isn't, and use strlen() to try to determine the length, strlen will wrongly think it is length 11. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org