AES/CBC/PKCS5Padding vs AES/CBC/PKCS7Padding with 256 key size performance java

dbw picture dbw · Dec 25, 2013 · Viewed 82.3k times · Source

I am currently using AES/CBC/PKCS5Padding for encrypting files in Java with 256 bytes key size, but while searching I found on stackexchange PKCS#5-PKCS#7 Padding and it is mentioned,

PKCS#5 padding is a subset of PKCS#7 padding for 8 byte block sizes

So I want to know

  1. Will the performance of AES/CBC/PKCS7Padding will be better then AES/CBC/PKCS5Padding for the above configuration?
  2. How can we configure the block size in Java as it is mentioned

    PKCS#7 padding would work for any block size from 1 to 255 bytes.

My sample code is,

SecureRandom rnd = new SecureRandom();
IvParameterSpec iv = new IvParameterSpec(rnd.generateSeed(16));

KeyGenerator generator = KeyGenerator.getInstance("AES");
generator.init(256);
SecretKey k = generator.generateKey();

Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
c.init(Cipher.ENCRYPT_MODE, k, iv);

Answer

Henry picture Henry · Dec 25, 2013

The block size is a property of the used cipher algorithm. For AES it is always 16 bytes.

So strictly speaking, PKCS5Padding cannot be used with AES since it is defined only for a block size of 8 bytes. I assume, AES/CBC/PKCS5Padding is interpreted as AES/CBC/PKCS7Padding internally.

The only difference between these padding schemes is that PKCS7Padding has the block size as a parameter, while for PKCS5Padding it is fixed at 8 bytes. When the Block size is 8 bytes they do exactly the same.