in the abis api document, it says The 2nd part is the encrypted data which is encrypted using AES GCM PKCS5Padding.
GCM is a streaming mode which means that the ciphertext is only as long as the plaintext (not including authentication tag). GCM doesn’t require a padding. This means that the PKCS5Padding version is actually only a synonym for NoPadding for convenience during programming.
if i use AES GCM PKCS5Padding to decrypt the cbeff.xml data, it will fails.
Hi @dragon_king
If the documentation explicitly mentions “AES GCM PKCS5Padding,” it could be an error or a misunderstanding. When decrypting data encrypted with AES-GCM, you typically don’t use any padding scheme, as the ciphertext length is equal to the plaintext length.
Let me ask one of my ABIS team members to look into this and help you figure it out.
@mahammedtaheer FYI
Best Regards,
Team MOSIP
Hi @dragon_king
Yes, you are correct PKCS5Padding is a synonym for NoPadding in Java 11, both padding is allowed by the JCE provider in this version of Java. In later versions of Java PKCS5Padding is removed and JCE provider is allowed to specify only NoPadding.
Java 11 allows If the data is encrypted by specifying PKCS5Padding and you will be able to decrypt data with NoPadding with no issues. Because internally the provider is using only NoPadding.
Which version of Java are you using when you are decrypting the data? or Are you using different programming language to decrypt the data?
Thanks
I am using Java 17, Spring Boot 3
Hi @dragon_king
You can use NoPadding.the data will get decrypted without any issues.
Best Regards,
Team MOSIP
whether the abis document will be update accordingly?
Hi @dragon_king
Yes, We will update the abis documentation to add NoPadding details for later versions of Java…
Thanks
