Ruby中的Rijndael AES-128加密解密

问题是mcrypt不会填充最后一个块，而Ruby的OpenSSL绑定使用默认的OpenSSL填充方法，即PKCS填充.我无法真正改善OpenSSL文档中的描述:

The problem is that mcrypt isn't padding the last block, whereas Ruby's OpenSSL binding uses the default OpenSSL padding method, which is PKCS padding. I can't really improve on the description from the OpenSSL documentation:

PKCS填充通过将值n的n个填充字节相加来进行工作，以使数据的总长度为块大小的倍数.总是添加填充，因此，如果数据已经是块大小n的倍数，则将等于块大小.例如，如果块大小为8，并且要加密11个字节，则将添加5个填充字节，其值为5. 在加密之前，您需要在PHP的明文末尾手动添加适当的填充.为此，请在加密前通过$ phpcs5_pad函数将$ cleartext传递给PHP(将16作为块大小).

PKCS padding works by adding n padding bytes of value n to make the total length of the data a multiple of the block size. Padding is always added so if the data is already a multiple of the block size n will equal the block size. For example if the block size is 8 and 11 bytes are to be encrypted then 5 padding bytes of value 5 will be added. You'll need to manually add proper padding to the end of the cleartext in PHP before encrypting. To do that, pass your $cleartext through this pkcs5_pad function on the PHP side before you encrypt it (passing 16 as the blocksize).

function pkcs5_pad ($text, $blocksize)
{
   $pad = $blocksize - (strlen($text) % $blocksize);
   return $text . str_repeat(chr($pad), $pad);
}

如果您也选择其他方式(使用Ruby加密并使用mcrypt解密)，则必须在解密后剥离填充字节.

If you also go the other way (encrypt in Ruby and decrypt with mcrypt), you'll have to strip off the padding bytes after decrypting.

侧面说明:即使明文已经是块大小的整数倍(填充的整个块)，您也必须添加填充的原因是，以便在解密时您知道最后一个块的最后一个字节是总是添加的填充量.否则，您将无法分辨出只有一个填充字节的明文和恰好以0x01结尾的没有填充字节的明文之间的区别.

Side note: The reason you have to add padding even if the cleartext is already a multiple of the blocksize (a whole block of padding), is so that when you are decrypting you know that the last byte of the last block is always the amount of padding added. Otherwise, you couldn't tell the difference between cleartext with a single padding byte and a cleartext with no padding bytes that just happened to end in the value 0x01.