Padding - Encryption algorithm

Question

I'm writing an implementation of the XXTEA encryption algorithm that works on "streams", ie, can be used like: crypt mykey < myfile > output.

One of the requisites is that it doesn't have access to the file at all (it only reads an fixed size block until find an EOF). The algorithm needs that the data bytes is multiple of 4, so its needed to add a padding.

For plain text a good solution is to pad with NULLs, and in the decryption just ignore the NULLs, but the same strategy cannot be used for binary streams (that can contain embedded NULLs).

I've read the common solutions, like padding with the number of missing chars (if it miss 3 chars, then append an 3, 3, 3 at the end) and etc, but I wonder: theres a more elegant solution?

Answer 1

Read: http://msdn.microsoft.com/en-us/library/system.security.cryptography.paddingmode.aspx

It has a list of common padding methods, like:

PKCS7 - The PKCS #7 padding string consists of a sequence of bytes, each of which is equal to the total number of padding bytes added.

The ANSIX923 padding string consists of a sequence of bytes filled with zeros before the length.

The ISO10126 padding string consists of random data before the length.

Examples:

Raw data: 01 01 01 01 01

PKCS #7: 01 01 01 01 01 03 03 03

ANSIX923 01 01 01 01 01 00 00 03

ISO10126: 01 01 01 01 01 CD A9 03

Answer 2

Read up on ciphertext stealing. It's arguably much more elegant than plaintext padding. Also, I'd suggest using a block size larger than 4 bytes -- 64 bits is probably the bare minimum.

Strictly speaking, do-it-yourself cryptography is a dangerous idea; it's hard to beat algorithms that the entire crypto community has tried and failed to break. Have fun, and consider reading this, or at least something from Schneier's "related reading" section.