public abstract class PaddingMechanism
extends java.lang.Object
For symmetric block ciphers using certain block mechanisms (ECB, CBC, CFB), the plaintext must be a sequence of one or more complete data blocks (or, for feedback block mechanisms, data segments). In other words, the total number of bits in the plaintext must be a positive multiple of the block (or segment) size.
If the data string to be encrypted does not initially satisfy this property, then the formatting of the plaintext must entail an increase in the number of bits. A common way to achieve the necessary increase is to append some extra bits, called padding, to the trailing end of the data string as the last step in the formatting of the plaintext. An example of a padding method is to append a single '1' bit to the data string and then to pad the resulting string by as few '0' bits, possibly none, as are necessary to complete the final block (segment).
For the above padding method, the padding bits can be removed unambiguously, provided the receiver can determine that the message is indeed padded. To ensure that the receiver does not mistakenly remove bits from an unpadded message, it is required that the sender to pad every message, including messages in which the final block (segment) is already complete. For such messages, an entire block (segment) of padding is appended.
Currently, the following padding mechanism implementations are available for
use with all symmetric block ciphers provided by the
Entrust cryptographic
service provider.
For a description of how any of the above padding mechanisms can used with
Entrust's symmetric block cipher implementations, please refer to
SymmetricBlockCipher.