
How to use PKCS5padding with AES128 in iPhone


I have done encryption and decryption with AES128 with PKCS7padding, but it's not decrypting with Android and .NET. In Android and .NET, Pkcs5padding is used for encryption and decryption. My code is:

#import <Foundation/Foundation.h>
#import <CommonCrypto/CommonCryptor.h>

// Both methods belong to a category on NSData; self is the data to process.

- (NSData *)AES128EncryptWithKey:(NSString *)key
{
    char keyPtr[kCCKeySizeAES128 + 1]; // room for terminator (unused)
    bzero( keyPtr, sizeof( keyPtr ) ); // fill with zeroes (for padding)
    [key getCString:keyPtr maxLength:sizeof( keyPtr ) encoding:NSUTF8StringEncoding];

    NSUInteger dataLength = [self length];
    // Padding adds at most one block to the output.
    size_t bufferSize = dataLength + kCCBlockSizeAES128;
    void *buffer = malloc( bufferSize );
    if( buffer == NULL )
    {
        return nil;
    }

    size_t numBytesEncrypted = 0;
    // kCCOptionECBMode is not set, so this is CBC mode; a NULL IV means an all-zero IV.
    CCCryptorStatus cryptStatus = CCCrypt( kCCEncrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
                                          keyPtr, kCCKeySizeAES128,
                                          NULL,
                                          [self bytes], dataLength,
                                          buffer, bufferSize,
                                          &numBytesEncrypted );
    if( cryptStatus == kCCSuccess )
    {
        // The returned NSData takes ownership of buffer and frees it.
        return [NSData dataWithBytesNoCopy:buffer length:numBytesEncrypted];
    }

    free( buffer );
    return nil;
}

- (NSData *)AES128DecryptWithKey:(NSString *)key
{
    char keyPtr[kCCKeySizeAES128 + 1]; // room for terminator (unused)
    bzero( keyPtr, sizeof( keyPtr ) ); // fill with zeroes (for padding)
    [key getCString:keyPtr maxLength:sizeof( keyPtr ) encoding:NSUTF8StringEncoding];

    NSUInteger dataLength = [self length];
    size_t bufferSize = dataLength + kCCBlockSizeAES128;
    void *buffer = malloc( bufferSize );
    if( buffer == NULL )
    {
        return nil;
    }

    size_t numBytesDecrypted = 0;
    // Same mode, key handling and all-zero IV as the encrypt method.
    CCCryptorStatus cryptStatus = CCCrypt( kCCDecrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
                                          keyPtr, kCCKeySizeAES128,
                                          NULL,
                                          [self bytes], dataLength,
                                          buffer, bufferSize,
                                          &numBytesDecrypted );
    if( cryptStatus == kCCSuccess )
    {
        // The returned NSData takes ownership of buffer and frees it.
        return [NSData dataWithBytesNoCopy:buffer length:numBytesDecrypted];
    }

    free( buffer );
    return nil;
}

Please suggest if anyone has an idea. Give me suggestions.


Solution

  • The only main difference between PKCS#5 and PKCS#7 padding is the block size. PKCS#5 padding is only defined for 8-byte block sizes. PKCS#7 padding would work for any block size from 1 to 255 bytes.

    This is the definition of PKCS#5 padding (6.2):

    The padding string PS shall consist of 8 - (||M|| mod 8) octets all having value 8 - (||M|| mod 8).

    PKCS#7 is the same except that it allows block sizes up to 256 bytes in size (10.3 note 2):

    For such algorithms, the method shall be to pad the input at the trailing end with k - (l mod k) octets all having value k - (l mod k), where l is the length of the input.

    So fundamentally PKCS#5 padding is a subset of PKCS#7 padding for 8 byte block sizes.

    Most cryptographic libraries use either PKCS#5 or PKCS#7 to define the same padding mechanism. Officially PKCS#7 would of course be the only correct one if block sizes other than 8 are used within the calculation.

    Note that both PKCS#5 and PKCS#7 are not standards for padding mechanisms. The padding part is only a small subset of the defined functionality (password based encryption or PBE, and the cryptographic message syntax or CMS respectively).
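The two padding rules quoted in the answer, written out in C as an added example that is not part of the original answer or of any library's code. The function names `pkcs7_pad`, `pkcs5_pad` and `pkcs7_unpad` and the sample message are this example's own; it shows that PKCS#5 is the k = 8 case of the PKCS#7 rule and that AES's 16-byte block needs k = 16.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* PKCS#7 rule: append n = k - (len mod k) octets, each of value n.
 * k is the cipher block size (1..255); out must hold len + k bytes.
 * Returns the padded length, or 0 if k is out of range. */
size_t pkcs7_pad(const unsigned char *in, size_t len, size_t k, unsigned char *out)
{
    if (k < 1 || k > 255) return 0;
    size_t n = k - (len % k);   /* 1..k: a whole extra block when len % k == 0 */
    memcpy(out, in, len);
    memset(out + len, (int)n, n);
    return len + n;
}

/* PKCS#5 rule: the same thing with the block size fixed at 8. */
size_t pkcs5_pad(const unsigned char *in, size_t len, unsigned char *out)
{
    return pkcs7_pad(in, len, 8, out);
}

/* Check and strip the padding after decryption.
 * Returns the plaintext length, or -1 if the padding is malformed. */
long pkcs7_unpad(const unsigned char *buf, size_t len, size_t k)
{
    if (k < 1 || k > 255 || len == 0 || len % k != 0) return -1;
    size_t n = buf[len - 1];
    if (n < 1 || n > k) return -1;
    for (size_t i = len - n; i < len; i++)
        if (buf[i] != n) return -1;   /* every pad octet must equal n */
    return (long)(len - n);
}

int main(void)
{
    const unsigned char msg[] = "hello";   /* constructed 5-byte sample */
    unsigned char out[32];
    size_t p5 = pkcs5_pad(msg, 5, out);        /* 8-byte block  */
    printf("k=8:  padded to %zu, pad octet %u\n", p5, (unsigned)out[p5 - 1]);
    size_t p7 = pkcs7_pad(msg, 5, 16, out);    /* AES block size */
    printf("k=16: padded to %zu, pad octet %u\n", p7, (unsigned)out[p7 - 1]);
    printf("unpadded length: %ld\n", pkcs7_unpad(out, p7, 16));
    return 0;
}
```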