Is Pkcs7 the default padding for NewCBCDecrypter?

<p>I have an example program where given a padded aes-encrypted ciphertext and a key, it outputs the decrypted url. Knowing that the input is padded via Pkcs7, I assumed that I would have to unpad the output. However, the program still produces the correct output, regardless of whether I unpad it or not. </p> <pre><code>func main() { ciphertext := ciphertext(b64_cipher) iv := iv(vector) key := sha(secret) block, _ := aes.NewCipher(key[:]) mode := cipher.NewCBCDecrypter(block, iv) mode.CryptBlocks(ciphertext, ciphertext) url := fmt.Sprintf(&#34;%s&#34;,ciphertext) fmt.Println(url) // This works for a padded input! } </code></pre> <p>Does the standard library&#39;s <a href="https://golang.org/pkg/crypto/cipher/#NewCBCDecrypter" rel="nofollow">CBC decrypter</a> automatically unpad the output? Forgive me for sounding noobish, but what is the reason behind it? Thanks</p> <hr/>**评论：**<br/><br/>alexwhoizzle: <pre><p>No it doesn&#39;t. Looking at the example in the docs (<a href="https://golang.org/pkg/crypto/cipher/#example_NewCBCDecrypter" rel="nofollow">https://golang.org/pkg/crypto/cipher/#example_NewCBCDecrypter</a>) it says: </p> <blockquote> <p>If the original plaintext lengths are not a multiple of the block size, padding would have to be added when encrypting, which would be removed at this point. For an example, see <a href="https://tools.ietf.org/html/rfc5246#section-6.2.3.2" rel="nofollow">https://tools.ietf.org/html/rfc5246#section-6.2.3.2</a>. However, it&#39;s critical to note that ciphertexts must be authenticated (i.e. by using crypto/hmac) before being decrypted in order to avoid creating a padding oracle.</p> </blockquote> <p>You will need to remove the padding yourself. But also remember, you need to authenticate the ciphertext if you are not currently. </p></pre>smasher164: <pre><p>So I&#39;m guessing the input was not properly padded then, since it isn&#39;t my own ciphertext. Anyways, thank you!</p></pre>alexwhoizzle: <pre><p>Yea I&#39;d assume so. The byte length of the plaintext must happen to be a multiple of 16, so the CBC decryptor won&#39;t panic (see here: <a href="https://github.com/golang/go/blob/master/src/crypto/cipher/cbc.go#L113" rel="nofollow">https://github.com/golang/go/blob/master/src/crypto/cipher/cbc.go#L113</a>). Even so, it&#39;s good practice to always pad your messages even if the length of the message is a multiple of 16 so it doesn&#39;t become ambigious when decrypting. </p></pre>alexfiori: <pre><p>It won&#39;t pad or unpad, you have to do that yourself. Here&#39;s a reference for pkcs7 pad/unpad code: <a href="https://github.com/go-web/tokenizer/blob/master/pkcs7.go" rel="nofollow">https://github.com/go-web/tokenizer/blob/master/pkcs7.go</a></p></pre>