The decryptor is correctly removing the padding that was applied by the encryptor, thus the zero bytes in your output are simply the un-touched bytes in the original plainData
array. The cryptoStream.Read(...)
call returns an integer indicating the number of bytes that were read (1
in this case), which you should be using to determine how many bytes in the output array are valid data.
If for whatever reason you are interested in seeing the padding bytes, you can set aes.Padding = PaddingMode.None;
after the encryption is performed, but before you create the decryptor. You will then find that cryptoStream.Read(...)
returns 16
, and plainData
has 0xff
as its first byte, followed by 15 bytes of 0x0f
padding (not sure why your question indicates you were expecting 0x07
though).