1. The AES data block length is 128 bits, that is, each data block occupies 16 bytes, so the IV length needs to be 16 characters (ECB mode does not use IV), and the key is 16, 24, 32 characters, key length 128 bits occupies 16 bytes, length 192 bits occupies 24 bytes, length 256 bits occupies 32 bytes.
2. AES is calculated in blocks. When the data content is insufficient, 16 bytes (128 bit AES), 24 bytes (192 bit AES), 32 bytes (256 bit AES), the insufficient part needs to be filled. (Translation) The padding methods listed above are as follows:
**1) **
The insufficient part of ANSI X.923 is filled with 0, and the last byte is the number of padding bytes. For example, the following 8-byte block needs to be filled with 4 bytes:
… | DD DD DD DD DD DD DD DD | DD DD DD DD 00 00 00 04 |
**2) **
The insufficient parts of ISO 10126 are filled with random numbers, and finally One byte is the number of padding bytes. For example, the following 8-byte block needs to be filled with 4 bytes:
… | DD DD DD DD DD DD DD DD | DD DD DD DD BC DA EF 04 |
**3) **The insufficient part of PKCS7 and PKCS5
needs to be filled number of bytes. If the data size is a multiple of the block size N, add a block with all N blocks. For example, the following 8-byte block needs to be filled with 4 bytes:
… | DD DD DD DD DD DD DD DD | DD DD DD DD 04 04 04 04 | **4) ** The insufficient part of
ISO/IEC 7816-4
, first fill a 0×80, and the rest are all 0. For example, the following 8-byte block needs to be filled with 4 bytes:
… | DD DD DD DD DD DD DD DD | DD DD DD DD 80 00 00 00 |
It is required that the data content itself does not contain 0×80
**5)** zero padding
The insufficient part is all filled with 0. For example, the following 8-byte block needs to be filled with 4 bytes:
… | DD DD DD DD DD DD DD DD | DD DD DD DD 00 00 00 00 |
This method cannot distinguish the case where the data content itself contains 0 at the end, so Nor is it a standard way of filling.
After actual testing, the length of the AES data block is 128 bits, occupying 16 bytes, the length of the plaintext must be an integer multiple of 16, and the insufficient part is filled according to the selected padding mode. As long as the fill mode is selected, the corresponding data must be filled later.
For example: when the padding mode is PKCS7 and PKCS5
When the effective length of the data is 16 bytes, 16 bytes will be filled in the back. Filled with decimal 16 corresponding to hexadecimal is 0x10
| DD DD DD DD DD DD DD DD DD DD DD DD DD DD DD DD|
When the effective length of the data is 15 bytes, it will be filled with 1 byte at the back, and the filling is decimal 1 corresponding to hexadecimal 0x01.
| DD DD DD DD DD DD DD DD DD DD DD DD DD DD DD 01|
When the effective length of the data is 32 bytes, 16 bytes are filled in the back, and the filling is decimal 16 corresponding to hexadecimal is 0x10
| DD DD DD DD DD DD DD DD DD DD DD DD DD DD DD DD DD DD DD DD DD DD DD DD DD DD DD DD DD DD DD DD| 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10|
When the effective length of the data is 30 bytes, 2 bytes are filled in the back, and the filling is decimal 2 corresponding to hexadecimal, which is 0x02
| DD DD DD DD DD DD DD DD DD DD DD DD DD DD DD DD DD DD DD DD DD DD DD DD DD DD DD DD DD DD 0x02 0x02|
3. Online AES encryption and decryption website
Website 1: https://tool.lmeee.com/jiami/aes
Website 2: https://the-x.cn/cryptography/Aes.aspx
4. Online Base64 data conversion website
website: https://cryptii.com/pipes/base64-to-hex
