public class PKCS7 extends PaddingScheme
Some content-encryption algorithms assume the input length is a multiple of k octets, where k > 1, and let the application define a method for handling inputs whose lengths are not a multiple of k octets. For such algorithms, the method shall be to pad the input at the trailing end with k - (l mod k) octets all having value k - (l mod k), where l is the length of the input. In other words, the input is padded at the trailing end with one of the following strings:
01 -- if l mod k = k-1 02 02 -- if l mod k = k-2 . . . k k ... k k -- if l mod k = 0
The padding can be removed unambiguously since all input is padded and no padding string is a suffix of another. This padding method is well-defined if and only if k < 256; methods for larger k are an open issue for further study.
An IllegalBlockSizeException is thrown (by the Cipher class) if the block size is greater than 255 bytes.
References:
Copyright © 1997
Systemics Ltd on behalf of the
Cryptix Development Team.
All rights reserved.
$Revision: 1.6 $
blockSize
Constructor and Description |
---|
PKCS7()
Creates a PKCS7 object.
|
Modifier and Type | Method and Description |
---|---|
protected boolean |
engineIsValidBlockSize(int size)
SPI: Returns true if size is a valid block size (in
bytes) for this algorithm.
|
protected int |
enginePad(byte[] in,
int offset,
int length)
Pads a given array of bytes.
|
protected int |
engineUnpad(byte[] in,
int offset,
int length)
Given the specified subarray of bytes that includes padding bytes, returns
the index indicating where padding starts.
|
clone, engineGetParameter, engineSetBlockSize, engineSetParameter, getAlgorithm, getAlgorithms, getAlgorithms, getBlockSize, getInstance, getInstance, getParameter, pad, paddingScheme, padLength, setParameter, toString, unpad
protected int enginePad(byte[] in, int offset, int length)
in[offset+length..offset+blocksize-1]
.enginePad
in class PaddingScheme
in
- the buffer containing the incomplete block.offset
- the offset into the in
buffer of the
first byte in the group of bytes to be padded.length
- the number of bytes from the in
buffer,
starting at offset
, that need to be padded.protected int engineUnpad(byte[] in, int offset, int length)
For PKCS#7, the padding bytes all have value
blockSize - (length % blockSize)
. Hence to find the number
of added bytes, it's enough to consider the last byte value of the
padded message.
engineUnpad
in class PaddingScheme
in
- the buffer containing the bytes.offset
- the offset into the in buffer of the
first byte in the block.length
- the length of the block in bytes.CryptixException
- if the number of padding bytes is invalid.protected boolean engineIsValidBlockSize(int size)
For PKCS#7 padding, values of size between 1 and 255 bytes inclusive are valid.
engineIsValidBlockSize
in class PaddingScheme