PKCS#7 padding package for golang.org/x/crypto

Nick Craig-Wood

unread,

Aug 19, 2016, 9:46:00 AM8/19/16

to golang-dev

I recently wrote a PKCS#7 padding package for block ciphers.

I was surprised I couldn't find one anywhere - it is such a basic crypto
primitive if you are using block ciphers.

I was wondering whether there is any interest in including it in
golang.org/x/crypto?

The current state of the code is here

https://github.com/ncw/rclone/tree/crypt/crypt/pkcs7

Thanks

Nick
--
Nick Craig-Wood <ni...@craig-wood.com> -- http://www.craig-wood.com/nick

Brad Fitzpatrick

unread,

Aug 19, 2016, 10:57:35 AM8/19/16

to Nick Craig-Wood, Adam Langley, golang-dev

[+agl in case he misses this]

--
You received this message because you are subscribed to the Google Groups "golang-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-dev+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

andrey mirtchovski

unread,

Aug 19, 2016, 12:04:18 PM8/19/16

to Brad Fitzpatrick, Nick Craig-Wood, Adam Langley, golang-dev

There are several padding implementations floating around. For those
that need the full thing and not just padding, I've been using this
with some success: https://godoc.org/github.com/fullsailor/pkcs7

Historically, the last time pkcs7 was discussed we got a nice quote from agl:

https://groups.google.com/d/msg/golang-nuts/-ws3wFJfPsY/JOcyylAVdMEJ

"I'm afraid that PKCS#7 (especially) represents the very worst of
architecture astronaut design and we're unlikely to support it naively
[sic] any time soon."

Nick Craig-Wood

unread,

Aug 19, 2016, 2:31:41 PM8/19/16

to andrey mirtchovski, Brad Fitzpatrick, Adam Langley, golang-dev

On 19/08/16 17:04, andrey mirtchovski wrote:
> There are several padding implementations floating around. For those
> that need the full thing and not just padding, I've been using this
> with some success: https://godoc.org/github.com/fullsailor/pkcs7

I missed that one in my search - thanks. That is a lot more than just
padding though.

> Historically, the last time pkcs7 was discussed we got a nice quote from agl:
>
> https://groups.google.com/d/msg/golang-nuts/-ws3wFJfPsY/JOcyylAVdMEJ
>
> "I'm afraid that PKCS#7 (especially) represents the very worst of
> architecture astronaut design and we're unlikely to support it naively
> [sic] any time soon."

He he ;-)

Hopefully he doesn't feel the same way about just the padding part which
is all I'm proposing to add! It would add a missing part to the crypto
libraries, namely a standard way of padding when using block ciphers.

Adam Langley

unread,

Aug 22, 2016, 12:13:57 PM8/22/16

to Nick Craig-Wood, andrey mirtchovski, Brad Fitzpatrick, golang-dev

This was originally PKCS#5 padding, it's just used in PKCS#7 too. I don't have any real objections to adding it, except that people shouldn't be using it: AEADs are the modern, safe interface for private-key encryption. Having said that, as long as the ciphertext is authenticated it's sometimes necessary for interop. If someone can point to a fair number of packages using out-of-stdlib padding implementations then that would be fair evidence for including it.