How To Pad Data in RSA: Meet PCKS#1 v1.5
Many of the methods we have for encryption are based on PKCS (Public Key Cryptography Standards) documents. These were defined by RSA Security in the 1990s but have since become standards within RFC documents.
In symmetric key encryption, we use PKCS#5 (Cryptographic Message Syntax) padding. This fills a block with a value which equals the number of bytes to be padding. But, in RSA, we do not have a block and have a modulus (N). We thus need to pad our input data to make the encryption input equal to the length of the modulus. One of the most popular methods for this is PCKS#1 v1.5 [RFC3447].
With PCKS#1 v1.5, for a message of M, we create a padded input of:
EM=0x00 || 0x02 || random || 0x00 || M
and where random is a random byte stream which does not contain 0x00. The number of the padding input must equal the number of bytes in the module (L). Thus the number of random bytes will be:
L−3−len(M)
It should be noted that the random data cannot have a 0x00 value, as the unpadding process will think that the message follows. If we have a padded input of:
em = b('\x00\x02') + ps + bchr(0x00) + messageThen we need to make sure that ps does not have a 0x00 byte. Thus we can use a replace method to find…
