我正在编程保险丝文件系统,我有一个问题。禁用AES密码对象上的PKCS#7填充?
我使用CBC AES对磁盘中的数据进行加密。问题是填充。当密码的大小例如是15个字节时是没有问题的,因为它增加了1个字节。问题是,当我试图加密4096字节时,它也增加了16个字节的Padd,这对我来说是失败的。我不知道为什么要添加填充,因为4096是128的倍数(size aes block)。我需要修改我的C代码说openssl,只有当它将是必要时添加填充,但不总是...
我知道,如果明文不是128的倍数,它将添加填充。但为什么不呢?我能做什么?
这里我密码:
int encrypt_data(unsigned char *plaintext, int plaintext_len, unsigned char *key,
unsigned char *iv, unsigned char *ciphertext, int algorithm_pos)
{
EVP_CIPHER_CTX *ctx;
int len;
int ciphertext_len;
/* Create and initialise the context */
if(!(ctx = EVP_CIPHER_CTX_new())) handleErrors();
/* Initialise the encryption operation. IMPORTANT - ensure you use a key
* and IV size appropriate for your cipher
* In this example we are using 256 bit AES (i.e. a 256 bit key). The
* IV size for *most* modes is the same as the block size. For AES this
* is 128 bits */
if(1 != EVP_EncryptInit_ex(ctx, ciphers[algorithm_pos].algorithm(), NULL, key, iv))
handleErrors();
/* Provide the message to be encrypted, and obtain the encrypted output.
* EVP_EncryptUpdate can be called multiple times if necessary
*/
if(1 != EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len))
handleErrors();
ciphertext_len = len;
/* Finalise the encryption. Further ciphertext bytes may be written at
* this stage.
*/
if(1 != EVP_EncryptFinal_ex(ctx, ciphertext + len, &len)) handleErrors();
ciphertext_len += len;
/* Clean up */
EVP_CIPHER_CTX_free(ctx);
return ciphertext_len;
}
CBC模式只提供保密性,你通常要添加MAC安全使用CBC模式。您应该使用经过身份验证的加密,因为它提供了*机密性和真实性。请参阅OpenSSL wiki上的[EVP Authenticated Encryption and Decryption](http://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption)。 – jww