So, I’m using the RijndaelManaged class (.NET 2.0) to do AES-128 CBC encryption on small strings (around a dozen characters or less) in a config file. I’ve got everything working properly except that when I decrypt the data, the padding bytes are not removed. I understand I can choose to not do any padding but that is VERY insecure and that the padding bytes need to be added because that’s how AES works (in discreet block sizes). Right now I’m using PaddingMode.ISO10126 to let the CryptoStream automatically append crypto random bytes.
What is the industry-standard way of handling this? What’s the right way of getting rid of these “extra bytes” on decryption?
The best way of getting rid of padding is of course to use PKCS#7 padding instead, and let the cipher instance get rid of the padding, as GregS suggested.
The best way of performing encryption nowadays is to use CTR mode encryption instead, or preferably a cipher that contains authentication/integrity protection such as GCM. Note that with small strings you need to take care not to reveal information through the size of the cipher text though (the result of performing CTR mode encryption on “yes” will result in three bytes, “no” will result in 2 bytes).