PaddingMode Enumeration
Specifies the type of padding to apply when the message data block is shorter than the full number of bytes needed for a cryptographic operation.
Assembly: mscorlib (in mscorlib.dll)
| Member name | Description | |
|---|---|---|
| None | No padding is done. | |
| PKCS7 |
The PKCS #7 padding string consists of a sequence of bytes, each of which is equal to the total number of padding bytes added.
The following example shows how these modes work. Given a blocklength of 8, a data length of 9, the number of padding octets equal to 7, and the data equal to FF FF FF FF FF FF FF FF FF: Data: FF FF FF FF FF FF FF FF FF PKCS7 padding: FF FF FF FF FF FF FF FF FF 07 07 07 07 07 07 07 |
|
| Zeros | The padding string consists of bytes set to zero. | |
| ANSIX923 |
The ANSIX923 padding string consists of a sequence of bytes filled with zeros before the length.
The following example shows how this mode works. Given a blocklength of 8, a data length of 9, the number of padding octets equal to 7, and the data equal to FF FF FF FF FF FF FF FF FF: Data: FF FF FF FF FF FF FF FF FF X923 padding: FF FF FF FF FF FF FF FF FF 00 00 00 00 00 00 07 |
|
| ISO10126 |
The ISO10126 padding string consists of random data before the length.
The following example shows how this mode works. Given a blocklength of 8, a data length of 9, the number of padding octets equal to 7, and the data equal to FF FF FF FF FF FF FF FF FF: Data: FF FF FF FF FF FF FF FF FF ISO10126 padding: FF FF FF FF FF FF FF FF FF 7D 2A 75 EF F8 EF 07 |
Most plain text messages do not consist of a number of bytes that completely fill blocks. Often, there are not enough bytes to fill the last block. When this happens, a padding string is added to the text. For example, if the block length is 64 bits and the last block contains only 40 bits, 24 bits of padding are added.
Some encryption standards specify a particular padding scheme. The following example shows how these modes work. Given a blocklength of 8, a data length of 9, the number of padding octets equal to 7, and the data equal to FF FF FF FF FF FF FF FF FF:
Data: FF FF FF FF FF FF FF FF FF
X923 padding: FF FF FF FF FF FF FF FF FF 00 00 00 00 00 00 07
PKCS7 padding: FF FF FF FF FF FF FF FF FF 07 07 07 07 07 07 07
ISO10126 padding: FF FF FF FF FF FF FF FF FF 7D 2A 75 EF F8 EF 07
Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows XP SP2 x64 Edition, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2
The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.
This is also why you'll get what seems to be an extra block of data when your clear data is an exact multiple of the block size. For example, assume a block size of 16 bytes (128 bits). You're encrypting exactly 64 bytes. You get 80 bytes (64 plus an extra block of 16) of encrypted data. The reason is the decrypter is going to be looking for the final block to have a length byte to tell it how much of the final block is valid. There is no room left in your final block for this length byte, so the encrypter needs to add a block to contains the final block's length byte. The length byte will be zero to indicate that no bytes in the extra final block are part of the clear text, but the block still needs to be added so that the decrypter can find this out.
You can use "PaddingMode.None" to avoid this extra final block, but it requires that the clear data be exact multiples of the block size. PaddingMode.None means that the decrypter is going to assume that ALL the bytes in the final decrypted block are part of the clear data. This assumption is what allows the encrypter to NOT add an extra block containing a final length byte.
