Why is the ciphertext 32 bytes long when encrypting 16 bytes with AES?

Question

I use encryption AES algorithm, when i encrypt 16 byte(one block) the result is 32 byte. Is this ok?

My source code that i used is:

package net.sf.an         


        

Answer 1

AES defaults to ECB mode encryption with PKCS#7 compatible padding mode (for all providers observed so far). ECB and CBC mode encryption require padding if the input is not precisely a multiple of the blocksize in size, with 16 being the block size of AES in bytes.

Unfortunately there might be no way for the unpadding mechanism to distinguish between padding and data; the data itself may represent valid padding. So for 16 bytes of input you will get another 16 bytes of padding. Padding modes that are deterministic such as PKCS#7 always pad with 1 to [blocksize] bytes.

If you look at int output = cipher.getOutputSize(16); you will get back 32 bytes. Use "AES/ECB/NoPadding" during decipher to see the padding bytes (e.g. 4D61617274656E20426F64657765732110101010101010101010101010101010).

You are better off when you fully specify the algorithm. Previously most developers would go for "AES/CBC/PKCS5Padding" but nowadays "AES/GCM/NoPadding" should probably be used because it offers message authentication and integrity. Otherwise you will keep guessing which mode is actually used.

Note that using ECB mode is not safe as an attacker can retrieve information from the cipher text. Identical blocks of plain text encode to identical blocks of cipher text.