[openssl-users] openssl des-ede3-cbc does not match with Java one
Viktor Dukhovni
openssl-users at dukhovni.org
Wed Nov 25 10:23:33 UTC 2015
On Wed, Nov 25, 2015 at 11:14:48AM +0100, David García wrote:
> Viktor, you pointed me to the right way. I was missing the -nopad flag in
> the openssl command.
Not using padding is fragile and can lead to subtle data corruption.
Perhaps not padding is safe and correct in your case, but I am
skeptical and you should be too. If you're constrained to interoperate
with existing code that is not padding, that code is questionable,
but you may have no choice but to follow suite. If you're free to
choose formats, you should probably pad.
--
Viktor.
More information about the openssl-users
mailing list