When in doubt, start again ;-) After scrapping the lot and starting from scratch, it now works fine.
Thanks for your help Jeff. Iain > > > Hi Iain, > > From what I understand about the padding: > The method only works when block size is less than 256 (8 > bit octet). A ASCII value is used in the range of 1 to > block_size (i.e., 1 - 16 in the case of 128 bit AES). > The length of the message is taken modulo block_size ( m % > 16 ) to determine the pad value. This value is then > subtracted from block_size. > > So, the actual value that is used to pad the message is > block_size - m % block_size. > > A message that is 28 characters long would be padded to 32 > characters using the value 0x04 ( 16 - 28 % 16 ). > > I'm not an expert on the subject. RSA has some good > documentation that is not too tough to read. See > http://www.rsasecurity.com/rsalabs/pkcs/index.html > > Jeff > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of > > [EMAIL PROTECTED] > > Sent: Thursday, March 11, 2004 6:11 PM > > To: [EMAIL PROTECTED] > > Subject: RE: AES encryption/decryption > > > > > > Jeff, > > > > thanks for the code, unfortunately that doesnt help > > either. > > What exactly is the following code supposed to be > > checking? Im guessing it is supposed to check the first > > padding byte to ensure it is valid, however it is > > actually checking the last character of the input string > > , which is 'F' in this case. It then throws an > > exception because the integer value of F is 70, and this > > is greater than the block size of 16. > > Anyone able to help me understand WHY it would be doing > > this check? > > The ASCII value of space is > > "0123456789ABCDEF{0x253}{0x253}...." > > Even if pad should be equal to the first non-message > > byte, I fail to understand the benefit of ensuring the > > decimal value of this is a positive integer less than > > the block size. > > Any help much appreciated > > > > Iain > > > > > > if (m_padding == PKCS_PADDING) > > { > > byte pad = space[s-1]; > > if (pad < 1 || pad > s || > > std::find_if(space+s-pad, > > space+s, std::bind2nd(std::not_equal_to<byte>(), pad)) > > != space+s) > > throw > > InvalidCiphertext("StreamTransformationFilter: > > invalid PKCS #7 block padding found"); > > length = s-pad; > > } > > > > > [Attachment: smime.p7s]
