AES PKCS7 Padding Tool
Add and remove PKCS7 padding for AES-CBC plaintext and ciphertext handling.
Loading AES Padding Tool...
How to Use AES PKCS#7 Padding Tool
Add or remove PKCS#7 padding to match AES-CBC block size requirements and debug decryption errors.
Choose Add or Remove Padding
Select Add PKCS#7 before AES-CBC encryption when your payload is not block aligned. Select Remove PKCS#7 after decryption. PKCS#7 behavior is part of cryptographic message syntax guidance in RFC 5652.
Set Input Format and Block Size
Choose UTF-8, HEX, or Base64 input and use the same block size expected by your cipher mode. AES block size is 16 bytes, so most AES-CBC workflows should keep block size at 16. For AES mode basics, review FIPS 197 and AES-CBC tool.
Inspect Padding Bytes and Validate
In add mode, verify last bytes all equal padding length. In remove mode, malformed padding triggers error, helping you detect corrupted ciphertext or wrong key/IV usage.
Example (UTF-8 "hello" with block size 16)
68656c6c6f0b0b0b0b0b0b0b0b0b0b0b
Use with Encryption Debugging
Padding errors are one of the most common causes of AES-CBC decryption failure. Use this page before running full decrypt pipelines and combine with AES Decryption, HEX/Base64 conversion, and your backend logs.
Frequently Asked Questions
What is PKCS#7 padding?
It appends N bytes of value N so plaintext length becomes a multiple of block size.
Do I need padding for AES-GCM or AES-CTR?
No. Padding is usually needed for block modes like CBC, not stream-like modes such as GCM/CTR.
Why does unpadding fail?
Common causes are wrong block size, altered ciphertext, or decrypting with wrong key/IV.
Can I use block size other than 16?
You can for generic PKCS#7 tests, but AES itself uses 16-byte blocks.
Should I strip padding before Base64 encoding?
Padding is part of binary plaintext/ciphertext bytes; Base64 is only an encoding layer.
How can I cross-check padding quickly?
Convert payload to HEX and inspect final bytes; they must repeat the pad length value exactly.
Related Tools
AES Encryption
AES encryptor online - Encrypt text, JSON, and files with AES-128 or AES-256. Support for CBC, GCM, and CTR cipher modes. Military-grade encryption with automatic key generation.
AES Decryption
AES decryptor online - Decrypt AES-encrypted data with AES-128 or AES-256. Support for CBC, GCM, and CTR modes. Restore your encrypted files securely.
AES Key & IV Generator
Generate secure AES-128 or AES-256 encryption keys and initialization vectors (IV) in hex or Base64 format.
AES-GCM Encrypt/Decrypt
Encrypt and decrypt data specifically in AES-GCM mode with AES-128 or AES-256 and Base64 ciphertext output.
AES-CBC Encrypt/Decrypt
Encrypt and decrypt data specifically in AES-CBC mode with AES-128 or AES-256 and Base64 ciphertext output.
AES-CTR Encrypt/Decrypt
Encrypt and decrypt data specifically in AES-CTR mode with AES-128 or AES-256 and Base64 ciphertext output.