What kind of padding does Rails OpenSSL::Cipher use for AES-CBC-256?

Question

What padding scheme does OpenSSL::Cipher use when padding blocks for encryption? The documentation is vague.

http://www.ruby-doc.org/stdlib-1.9.3/libdoc/openssl/rdoc/OpenSSL/Cipher.html#method-i-padding-3D

I will need to use the encrypted data with a different language. I'm aware there are many types of padding:

https://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Padding

Answer 1

Your first link advises to

See EVP_CIPHER_CTX_set_padding for further information.

This page indicates (emphasis mine) that:

If padding is enabled (the default) then EVP_EncryptFinal_ex() encrypts the ``final'' data, that is any data that remains in a partial block. It uses standard block padding (aka PKCS padding). The encrypted final data is written to out which should have sufficient space for one cipher block. The number of bytes written is placed in outl. After this function is called the encryption operation is finished and no further calls to EVP_EncryptUpdate() should be made.

That page also includes a link to additional information that you may find helpful.

Answer 2

PKCS#7/PKSC#5 are pretty common for CBC mode. PKCS#5 is identical to PKCS#7, but PKCS#5 refers only to 64 bit (8 byte) block size so for AES-256 it is PKCS#7

from en.wikipedia.org/wiki/Padding_(cryptography)#PKCS7

01
02 02
03 03 03
04 04 04 04
05 05 05 05 05
etc.

if your msg size is a multiple of 16 (Block Size in AES) then 1 more block filled with 16 times of byte 16 is added

Answer 3

You can confirm what padding is being used by decrypting a message with NoPadding set in your decryption method. That will pass through any padding as if it was part of the actual message. Have a look at the last block's worth of bytes from the message. That will tell you what type of padding the sender is using. Then set your decryption function to expect that type of padding.