[Openid-specs-ab] [openid/connect] JWE - Padding for the A128CBC and A256CBC encryption (issue #579)

Edmund Jay issues-reply at bitbucket.org
Fri Apr 27 00:44:44 UTC 2012

--- you can reply above this line ---

New issue 579: JWE - Padding for the A128CBC and A256CBC encryption

Edmund Jay:

The A128CBC and A256CBC algorithms encrypts data in blocks of 128 bits. If the plain text is not a multiple of 128 bits (16 bytes), the decrypted cipher text may not be the same as the original plain text due to padding used by the encryption library. This could lead to possible interoperability issues.

NIST SP800-38A Appendix A describes the problem and lists some recommended solutions.

Another suggestion was to used the padding scheme used by XML Encryption.

The Wiki page at http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Padding also decribes some solutions.

Responsible: ve7jtb

This is an issue notification from bitbucket.org. You are receiving
this either because you are the owner of the issue, or you are
following the issue.

More information about the Openid-specs-ab mailing list