diff --git a/crypto/cipher/src/main/java/org/apache/shiro/crypto/AesCipherService.java b/crypto/cipher/src/main/java/org/apache/shiro/crypto/AesCipherService.java
index 13863ecbb7..435b998fc7 100644
--- a/crypto/cipher/src/main/java/org/apache/shiro/crypto/AesCipherService.java
+++ b/crypto/cipher/src/main/java/org/apache/shiro/crypto/AesCipherService.java
@@ -66,7 +66,7 @@ public class AesCipherService extends DefaultBlockCipherService {
*
*
* {@link #setPaddingScheme paddingScheme} |
- * {@link PaddingScheme#PKCS5 PKCS5} |
+ * {@link PaddingScheme#NONE NoPadding}*** |
*
*
* {@link #setInitializationVectorSize(int) initializationVectorSize} |
@@ -85,11 +85,16 @@ public class AesCipherService extends DefaultBlockCipherService {
*
* **In conjunction with the default {@code GCM} operation mode, initialization vectors are generated by
* default to ensure strong encryption. See the {@link JcaCipherService JcaCipherService} class JavaDoc for more.
+ *
+ * **Since {@code GCM} is a stream cipher, padding is implemented in the operation mode and an external padding scheme
+ * cannot be used in conjunction with {@code GCM}. In fact, {@code AES/GCM/PKCS5Padding} is just an alias in most JVM for
+ * {@code AES/GCM/NoPadding}.
*/
public AesCipherService() {
super(ALGORITHM_NAME);
setMode(OperationMode.GCM);
setStreamingMode(OperationMode.GCM);
+ setPaddingScheme(PaddingScheme.NONE);
}
@Override