问题描述
我已经遍历了Node.js加密文档,但是仍然找不到 Cipher类使用的默认填充,例如方法cipher.setAutoPadding(true)没有关于它的规范.是PKCS#5,PKCS#7 ...吗?
I've traversed the Node.js Crypto documentation but still couldn't find the default padding used by the Cipher class, for example the method cipher.setAutoPadding(true) has no specification about it. So is it PKCS#5, PKCS#7...?
关于此的任何信息都将很棒!
Any info on this will be great!
推荐答案
在文档中( https://nodejs.org/api/crypto.html#crypto_cipher_setautopadding_autopadding )它说:
因此它使用的是"PKCS".更具体地说,是PKCS7.
So it's using "PKCS". More specifically, PKCS7.
PKCS7定义了与PKCS5相同的填充算法,但是PKCS5假定所有密码都将具有8字节(64位)的块大小. PKCS7的版本将其描述为k字节块.实际上,人们忽略了PKCS5具有固定的块大小,而"PKCS5填充"和"PKCS7填充"是同一件事.
PKCS7 defined the same padding algorithm that PKCS5 did, but PKCS5 assumed all ciphers would have 8 byte (64 bit) block sizes. PKCS7's version describes it as a k-byte block. In practice, people ignore that PKCS5 had a fixed block size, and "PKCS5 padding" and "PKCS7 padding" are the same thing.
PKCS5( https://tools.ietf.org/html/rfc2898#第6.1.1节):
4. Concatenate M and a padding string PS to form an encoded
message EM:
EM = M || PS ,
where the padding string PS consists of 8-(||M|| mod 8) octets
each with value 8-(||M|| mod 8). The padding string PS will
satisfy one of the following statements:
PS = 01, if ||M|| mod 8 = 7 ;
PS = 02 02, if ||M|| mod 8 = 6 ;
...
PS = 08 08 08 08 08 08 08 08, if ||M|| mod 8 = 0.
PKCS7( https://tools.ietf.org/html/rfc5652#section- 6.3 ):
Some content-encryption algorithms assume the input length is a
multiple of k octets, where k is greater than one. For such
algorithms, the input shall be padded at the trailing end with
k-(lth mod k) octets all having value k-(lth mod k), where lth is
the length of the input. In other words, the input is padded at
the trailing end with one of the following strings:
01 -- if lth mod k = k-1
02 02 -- if lth mod k = k-2
.
.
.
k k ... k k -- if lth mod k = 0
这篇关于Node.js加密,AES的默认填充是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!