我已经遍历了Node.js加密文档,但仍然无法找到密码类使用的默认填充,例如方法cipher.setAutoPadding(true)没有关于它的规范。那么它是PKCS#5,PKCS#7 ......?
关于此的任何信息都会很棒!
答案 0 :(得分:3)
在文档(https://nodejs.org/api/crypto.html#crypto_cipher_setautopadding_autopadding)中,它说:
禁用自动填充对非标准填充非常有用,例如使用0x0而不是PKCS填充。
所以它使用" PKCS"。更具体地说,PKCS7。
PKCS7定义了与PKCS5相同的填充算法,但PKCS5假设所有密码都具有8字节(64位)块大小。 PKCS7的版本将其描述为k字节块。在实践中,人们忽略PKCS5具有固定的块大小,并且" PKCS5填充"和" PKCS7填充"是一回事。
PKCS5(https://tools.ietf.org/html/rfc2898#section-6.1.1):
4. Concatenate M and a padding string PS to form an encoded
message EM:
EM = M || PS ,
where the padding string PS consists of 8-(||M|| mod 8) octets
each with value 8-(||M|| mod 8). The padding string PS will
satisfy one of the following statements:
PS = 01, if ||M|| mod 8 = 7 ;
PS = 02 02, if ||M|| mod 8 = 6 ;
...
PS = 08 08 08 08 08 08 08 08, if ||M|| mod 8 = 0.
PKCS7(https://tools.ietf.org/html/rfc5652#section-6.3):
Some content-encryption algorithms assume the input length is a
multiple of k octets, where k is greater than one. For such
algorithms, the input shall be padded at the trailing end with
k-(lth mod k) octets all having value k-(lth mod k), where lth is
the length of the input. In other words, the input is padded at
the trailing end with one of the following strings:
01 -- if lth mod k = k-1
02 02 -- if lth mod k = k-2
.
.
.
k k ... k k -- if lth mod k = 0