Home- ciphertext = aes:padEncrypt(plaintext)
- plaintext = aes:padDecrypt(ciphertext)
SYNOPSIS
DESCRIPTION
Encryption or decryption of arbitrary data. The data is first padded to a multiple of 16 bytes and then processed using the cipher block chaining mode of operation. The CBC mode makes sure that multiple blocks with the same plaintext data are encrypted to different ciphertexts. This avoids giving clues to an attacker.
aes must be an AES state handle as returned by cipher.aes(). The handle must have its key initialized using aes:setupEncrypt() or aes:setupDecrypt(), and it must have its initialization vector initialized using aes:setIV or aes:clearIV.
RETURN VALUE
A string of the same length as the passed data.
ERRORS
Raises an error if aes is not an AES state handle as returned by cipher.aes().
NOTES
The plaintext is padded up to a sixteen byte boundary, adhering to the scheme described below. If you use aes:padEncrypt() and aes:padDecrypt() together, you don't need to care about that scheme. If you need to do an own implementation, here's how it's done:
| PAYLOAD | XX...XX | PADCNT | CRCH | CRCL |
| PAYLOAD | The plaintext data. |
| XX...XX | As many padding bytes as necessary to make the whole block size a multiple of 16. The padding bytes could be filled with random data or with a copy of PADCNT. |
| PADCNT | One byte pad count (Number of padding bytes present.) |
| CRCH/CRCL | 16-bit CRC over payload data and padding bytes. |