Byte padding
Byte padding can be applied to messages that can be encoded as an integral number of bytes.
ANSI X.923
In ANSI X.923 bytes filled with zeros are padded and the last byte defines the padding boundaries or the number of padded bytes.
Example: In the following example the block size is 8 bytes, and padding is required for 4 bytes (in hexadecimal format)
... | DD DD DD DD DD DD DD DD | DD DD DD DD |
ISO 10126
ISO 10126 (withdrawn, 2007[2][3]) specifies that the padding should be done at the end of that last block with random bytes, and the padding boundary should be specified by the last byte.
Example: In the following example the block size is 8 bytes and padding is required for 4 bytes
... | DD DD DD DD DD DD DD DD | DD DD DD DD |
PKCS7
PKCS#7 is described in RFC 5652.
Padding is in whole bytes. The value of each added byte is the number of bytes that are added, i.e. N bytes, each of value N are added. The number of bytes added will depend on the block boundary to which the message needs to be extended.
The padding will be one of:
01
02 02
03 03 03
04 04 04 04
05 05 05 05 05
etc.
Example: In the following example the block size is 8 bytes and padding is required for 4 bytes
... | DD DD DD DD DD DD DD DD | DD DD DD DD |
PKCS#5 padding is identical to PKCS#7 padding, except that it has only been defined for block ciphers that use a 64 bit (8 byte) block size. In practice the two can be used interchangeably.
ISO/IEC 7816-4
ISO/IEC 7816-4:2005[4] is identical to the bit padding scheme, applied to a plain text of N bytes. This means in practice that the first byte is a mandatory byte valued '80' (Hexadecimal) followed, if needed, by 0 to N-1 bytes set to '00', until the end of the block is reached. ISO/IEC 7816-4 itself is a communication standard for smart cards containing a file system, and in itself does not contain any cryptographic specifications.
Example: In the following example the block size is 8 bytes and padding is required for 4 bytes
... | DD DD DD DD DD DD DD DD | DD DD DD DD |
The next example shows a padding of just one byte
... | DD DD DD DD DD DD DD DD | DD DD DD DD DD DD DD |
Zero padding
All the bytes that are required to be padded are padded with zero. The zero padding scheme has not been standardized for encryption,[citation needed] although it is specified for hashes and MACs as Padding Method 1 in ISO/IEC 10118-1[5] and ISO/IEC 9797-1.[6]
Example: In the following example the block size is 8 bytes and padding is required for 4 bytes
... | DD DD DD DD DD DD DD DD | DD DD DD DD |
Zero padding may not be reversible if the original file ends with one or more zero bytes, making it impossible to distinguish between plaintext data bytes and padding bytes. It may be used when the length of the message can be derived out-of-band. It is often applied to binary encoded strings as the null character can usually be stripped off as whitespace.
Zero padding is sometimes also referred to as "null padding" or "zero byte padding". Some implementations may add an additional block of zero bytes if the plaintext is already divisible by the block size.[citation needed]