cryptography.hazmat.primitives.padding
Padding is a way to take data that may or may not be a multiple of the block size for a cipher and extend it out so that it is. This is required for many block cipher modes as they require the data to be encrypted to be an exact multiple of the block size.
PKCS7 padding is a generalization of PKCS5 padding (also known as standard padding). PKCS7 padding works by appending N
bytes with the value of chr(N)
, where N
is the number of bytes required to make the final block of data the same size as the block size. A simple example of padding is:
>>> from cryptography.hazmat.primitives import padding >>> padder = padding.PKCS7(128).padder() >>> padded_data = padder.update(b"11111111111111112222222222") >>> padded_data b'1111111111111111' >>> padded_data += padder.finalize() >>> padded_data b'11111111111111112222222222x06x06x06x06x06x06' >>> unpadder = padding.PKCS7(128).unpadder() >>> data = unpadder.update(padded_data) >>> data b'1111111111111111' >>> data + unpadder.finalize() b'11111111111111112222222222'
- param block_size
The size of the block in
bits
that the data is being padded to.- raises ValueError
Raised if block size is not a multiple of 8 or is not between 0 and 2040 inclusive.
padder()
- returns
A padding
~cryptography.hazmat.primitives.padding.PaddingContext
instance.
unpadder()
- returns
An unpadding
~cryptography.hazmat.primitives.padding.PaddingContext
instance.
1.3
ANSI X9.23 padding works by appending N-1
bytes with the value of 0
and a last byte with the value of chr(N)
, where N
is the number of bytes required to make the final block of data the same size as the block size. A simple example of padding is:
>>> padder = padding.ANSIX923(128).padder() >>> padded_data = padder.update(b"11111111111111112222222222") >>> padded_data b'1111111111111111' >>> padded_data += padder.finalize() >>> padded_data b'11111111111111112222222222x00x00x00x00x00x06' >>> unpadder = padding.ANSIX923(128).unpadder() >>> data = unpadder.update(padded_data) >>> data b'1111111111111111' >>> data + unpadder.finalize() b'11111111111111112222222222'
- param block_size
The size of the block in
bits
that the data is being padded to.- raises ValueError
Raised if block size is not a multiple of 8 or is not between 0 and 2040 inclusive.
padder()
- returns
A padding
~cryptography.hazmat.primitives.padding.PaddingContext
instance.
unpadder()
- returns
An unpadding
~cryptography.hazmat.primitives.padding.PaddingContext
instance.
When calling padder()
or unpadder()
the result will conform to the PaddingContext
interface. You can then call update(data)
with data until you have fed everything into the context. Once that is done call finalize()
to finish the operation and obtain the remainder of the data.
update(data)
- param data
The data you wish to pass into the context.
- type data
bytes-like
- return bytes
Returns the data that was padded or unpadded.
- raises TypeError
Raised if data is not bytes.
- raises cryptography.exceptions.AlreadyFinalized
See
finalize
.- raises TypeError
This exception is raised if
data
is notbytes
.
finalize()
Finalize the current context and return the rest of the data.
After finalize
has been called this object can no longer be used; update
and finalize
will raise an ~cryptography.exceptions.AlreadyFinalized
exception.
- return bytes
Returns the remainder of the data.
- raises TypeError
Raised if data is not bytes.
- raises ValueError
When trying to remove padding from incorrectly padded data.