问题
What's the padding mode for AES/GCM? I understood it can be NoPadding, as in ECB mode it can be PKCS5Padding, how about in GCM mode? in JCE interface, we need provide "algorithm/mode/padding" (Reference).
So I used the following code to get the instance and it works in JDK but failed in IBM SDK which says
cannot find provider for supporting AES/GCM/PKCS5Padding
Cipher.getInstance("AES/GCM/PKCS5Padding");
What's real use case for padding?
回答1:
GCM is a streaming mode which means that the ciphertext is only as long as the plaintext (not including authentication tag). GCM doesn't require a padding. This means that the PKCS5Padding version is actually only a synonym for NoPadding for convenience during programming. Some providers don't have this strange mode.
The are cases where padding the plaintext makes sense. For example, you can hide the length of the actual plaintext by appending a random length PKCS5Padding.
来源:https://stackoverflow.com/questions/31248777/can-pkcs5padding-be-in-aes-gcm-mode