Removing padded characters from AES encoding

**Rabbit** · Mar 30 '20, 08:15 PM

A common way of handling this is store the size of the message/file in the header. That way you know when to cut off the last block.

An unrelated but also common thing to do is to store a hash of the key, a hash of the message/file, and any nonces, salts, or initialization vectors you use. This allows you to verify that the correct password was entered and that the decoded message is correct.

**astera** · Mar 31 '20, 07:34 AM

Thanks Rabbit for quick reaction.
When I have a string with Len=107 the last block is Len=11. Where do I have to cut? I tried to cut here:
This is your code:

Code:

       If Len(sTemp) < 16 Then
                For i = Len(sTemp) To 15
                    sTemp = sTemp & Chr(0)
                Next
            End If

This is what I have changed (iMaxLen=16)

Code:

60            If Len(sTemp) < iMaxLen Then
                  iMaxLen = Len(sTemp)
'80                    sTemp = sTemp & Chr(0)
'90                Next
100           End If

but then I get an error on line 120 if it exceed iMaxLen:

Code:

110           For i = 0 To iMaxLen - 1
120               block(i) = Asc(Mid(sTemp, (i Mod 4) * 4 + (i \ 4) + 1, 1))
130           Next

Cheers Asterios

**Rabbit** · Apr 1 '20, 01:51 AM

I'm splitting this thread out as it's exceeding the scope of the article.

There's no need to cut the string at place where it's getting padded as the padding is necessary. You only need to strip out during decryption.

Since AES works on 16 byte blocks, if you mod the length by 16, that tells you how many bytes to get from the last block.

**astera** · Apr 4 '20, 10:29 AM

Hello Rabbit,
you are right. If I want to decrypt a whole file or a string without the intention to add somethings later, the code works. I only need to cut the last NUL chars while decryption. So far so good.
What I want to achieve is to en-decrypt log-files. Means whenever a log-string will be added to the log-file I want to

encrypt the log-string

add it to the file

save the file

Next log-string need to be encrypted, added and save the file in the same manner.
But when I decrypt that log-file afterwards, the out put is not the same as the origin log-strings.
May be you have an idea to solve that.
By the way, Before I started to encrypt with your code I needed to change somethings to make it happen.
If you are interested, please let me know where to post or send.

Cheers Asterios

**Rabbit** · Apr 5 '20, 07:38 PM

But when I decrypt that log-file afterwards, the out put is not the same as the origin log-strings.
May be you have an idea to solve that.

The ideas to solve that are in my prior posts above. To repeat:

A common way of handling this is store the size of the message in the header. That way you know when to cut off the last block.

There's no need to cut the string at the place where it's getting padded for encryption as the padding is necessary. You only need to strip out during decryption.

Since AES works on 16 byte blocks, if you mod the length by 16, that tells you how many bytes to get from the last block.

Removing padded characters from AES encoding

Removing padded characters from AES encoding

Comment

Comment

Comment

Comment

Comment