So What Is PKCS#7?

A symmetric key block cipher, such as AES and DES, uses a defined block size -and which stores a given number of bytes. These blocks are…
Photo by Alex Motoc on Unsplash

So What Is PKCS#7?

A symmetric key block cipher, such as AES and DES, uses a defined block size -and which stores a given number of bytes. These blocks are typically either 64-bits (8 bytes) or 128 bits (16 bytes). As we cannot fill all of the blocks, we must pad the last block. PKCS #7 (Cryptographic Message Syntax) is a standard padding method that determines the number of padding bytes and then ads that as a value. For example, for a 128-bit block size, and if we have “testing”, then there are seven bytes (for ASCII coding) that represent the data, and we then have 9 (0x09) padding values. The padding block becomes:

74657374696e67090909090909090909

and “testing1” as:

74657374696e67310808080808080808

For a 64-bit block, we only have one padding bytes, thus the padding value is:

74657374696e6701

For “testing1”, we will require another block, and with eight padding bytes:

74657374696e67310808080808080808

The code is then [here]:

from cryptography.hazmat.primitives import padding
import sys
import binascii

size=128
message="abc"

if (len(sys.argv)>1):
	message=str(sys.argv[1])

if (len(sys.argv)>2):
	size=int(sys.argv[2])

print ("Message: ",message)
print ("Block size: ",size)

message=message.encode()
padder = padding.PKCS7(size).padder()
padded_data = padder.update(message)

padded_data += padder.finalize()
print ("Padded: ",binascii.hexlify(padded_data).decode())

unpadder = padding.PKCS7(size).unpadder()
data = unpadder.update(padded_data)

unpadded = data + unpadder.finalize()

print ("Unpadded: ",unpadded.decode())

A sample run for a 64-bit block size is [here]:

Message:  test
Block size:  64
Padded:  7465737404040404
Unpadded:  test

and for a 128-bit block size [here]:

Message:  test
Block size:  128
Padded:  746573740c0c0c0c0c0c0c0c0c0c0c0c
Unpadded:  test

Here is the code:

haz_padding
A Python repl by billbuchananreplit.com

Many older encryption methods used a 64-bit block size, which meant that they would read in 8 characters (or eight 8-bit values) into a block and then encrypt that. Common methods that use these block sizes are DES and 3-DES. Most modern symmetric key methods, such as AES, use a 128-bit block size, which means we read in 16 characters at a time. In AES we actually create a 4x4 matrix, and then swap rows and columns, and then put them through an S-box and P-box:

PKCS (Public-Key Cryptography Standards) were designed and published, in the 1990s, by RSA Security Inc, and have now been standardised in the form of RFCs. PKCS #5 (RFC 2859) is a standard used for password-based encryption, and PKCS #7 (RFC 2815) is used to sign and/or encrypt messages for PKI.

ANSI X.923 padding has N-1 bytes with a value of 0 and a last byte and the value of chr(N), N is then the number of bytes that are required to fill the block. For a value of “test” with a 64-bit block size, the padded value (in hexademical) will be “7465737400000004”. For a 128-bit value, the padded value will be “7465737400000000000000000000000c”.

For ANSIX923, with a 128-bit block size, and for “test” we get:

Message:  test
Block size:  128
Type:  ANSIX923
Padded:  7465737400000000000000000000000c
Unpadded:  test

For ANSIX923, with a 64-bit block size, and for “test” we get:

Message:  test
Block size:  64
Type:  ANSIX923
Padded:  7465737400000004
Unpadded:  test