I have a C# solution that encrypts a bunch of small data chunks using AES.
```csharp
// This is how I'm configuring the Aes object
var aes = Aes.Create();
aes.Mode = CipherMode.CBC;
aes.KeySize = 256;
aes.Padding = PaddingMode.PKCS7;
```
I then write the raw ciphertext bytes to SQL Server VARBINARY columns.
Querying the length of these VARBINARY ciphertext columns, I expected them to always be a multiple of 16 bytes. However, that does not appear to be the case here.
I tried reading up about it online and the only questions I found are asking why AES ciphertext is padded up to 16 byte blocks, so I thought I'd ask about the inverse question here.
Notes:
- I tested decrypting one of these oddly sized ciphertexts and it worked fine, so the ciphertext is not malformed.
- I noticed it doesn't happen often; in one run it happened 19 times out of 5,828.
- When it does happen, it's always off-by-one (31 instead of 32, 767 instead of 768, etc.)
I had a thought that maybe the AES standard might truncate cipher-bytes that are exactly zero (or some other well known number) from the end of the output since that could just be rebuilt by the decryptor? But would love clarification.
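
A diagnostic for the observation above, added here as an example and not the poster's code: it encrypts 5,828 random chunks with the same `Aes` settings, checks that every output length is a multiple of the block size, and counts how many ciphertexts happen to end in `0x00`. The chunk sizes, the class name and the choice of `0x00` as the byte a later stage might drop are assumptions.

```csharp
using System;
using System.Security.Cryptography;

// Added diagnostic, not the poster's code. Chunk sizes and the run count are
// constructed; 0x00 as the suspect trailing byte is the hypothesis under test.
static class CiphertextLengthCheck
{
    const int Runs = 5828;          // same sample size as the run in the question
    const byte SuspectByte = 0x00;  // assumption: the byte a later stage might drop

    static void Main()
    {
        using var aes = Aes.Create();
        aes.Mode = CipherMode.CBC;
        aes.KeySize = 256;
        aes.Padding = PaddingMode.PKCS7;
        aes.GenerateKey();

        int blockBytes = aes.BlockSize / 8;   // 16 for AES
        int notAligned = 0, endsWithSuspect = 0;

        for (int i = 0; i < Runs; i++)
        {
            // Constructed sample input: random chunk of 1..767 bytes.
            var plain = new byte[RandomNumberGenerator.GetInt32(1, 768)];
            RandomNumberGenerator.Fill(plain);

            aes.GenerateIV();                 // fresh IV per chunk
            using var enc = aes.CreateEncryptor();
            byte[] cipher = enc.TransformFinalBlock(plain, 0, plain.Length);

            // PKCS7 always pads to the next full block, so this never fires.
            if (cipher.Length % blockBytes != 0) notAligned++;
            // A trailing SuspectByte is ordinary ciphertext, not padding.
            if (cipher[^1] == SuspectByte) endsWithSuspect++;
        }

        Console.WriteLine($"not a multiple of {blockBytes}: {notAligned}");
        Console.WriteLine($"ending in 0x{SuspectByte:X2}: {endsWithSuspect} " +
                          $"(expected about {Runs / 256.0:F1})");
    }
}
```

The first count stays at zero because CBC with PKCS7 padding always emits whole 16-byte blocks. If the second count is close to the 19 of 5,828 from the question, compare `cipher.Length` in C# just before the write with the stored length of the same rows to see where the byte goes missing.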