Merge pull request #194 from bmhm/SHIRO-736

[SHIRO-736] default to PaddingScheme.NONE when using GCM
apache · Jan 30, 2020 · 9786f90 · 9786f90
2 parents aa126e2 + 1c2b3ff
commit 9786f90
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/crypto/cipher/src/main/java/org/apache/shiro/crypto/AesCipherService.java b/crypto/cipher/src/main/java/org/apache/shiro/crypto/AesCipherService.java
@@ -66,7 +66,7 @@ public class AesCipherService extends DefaultBlockCipherService {
      * </tr>
      * <tr>
      * <td>{@link #setPaddingScheme paddingScheme}</td>
-     * <td>{@link PaddingScheme#PKCS5 PKCS5}</td>
+     * <td>{@link PaddingScheme#NONE NoPadding}***</td>
      * </tr>
      * <tr>
      * <td>{@link #setInitializationVectorSize(int) initializationVectorSize}</td>
@@ -85,11 +85,16 @@ public class AesCipherService extends DefaultBlockCipherService {
      * <p/>
      * <b>**</b>In conjunction with the default {@code GCM} operation mode, initialization vectors are generated by
      * default to ensure strong encryption.  See the {@link JcaCipherService JcaCipherService} class JavaDoc for more.
+     * <p/>
+     * <b>**</b>Since {@code GCM} is a stream cipher, padding is implemented in the operation mode and an external padding scheme
+     * cannot be used in conjunction with {@code GCM}. In fact, {@code AES/GCM/PKCS5Padding} is just an alias in most JVM for
+     * {@code AES/GCM/NoPadding}.
      */
     public AesCipherService() {
         super(ALGORITHM_NAME);
         setMode(OperationMode.GCM);
         setStreamingMode(OperationMode.GCM);
+        setPaddingScheme(PaddingScheme.NONE);
     }
 
     @Override