I'm creating an app which needs to encrypt some data using the Windows Universal SDK.
I've the code, and it all looks pretty good, I'm using the AesCbcPkcs7 algorithm. I don't have any issue with the code, but what I don't understand is what does exactly mean "CbcPkcs7" after "Aes". I'm referring to the algorithm names under Windows.Security.Cryptography.Core.SymmetricAlgorithmNames
like those ones...
AesCbc
AesCcm
AesEcb
AesEcbPkcs7
AesGcm
AES is a block cipher and as such can only encrypt blocks of fixed size (16 byte).
A mode of operation is needed to encrypt more than a block. ECB for example applies the block cipher as-is on every block of the plaintext separately to get the ciphertext blocks. ECB has problems, because it is not semantically secure, so CBC mode with a random initialization vector is better to use most of the time. Even better is an authenticated mode like GCM which provides not only confidentiality, but also integrity/authenticity.
This is still not enough, because a mode like CBC only enables you to encrypt plaintexts that are a multiple of the block size. A padding scheme is needed to pad the plaintext up to the next multiple of the block size in order to encrypt plaintexts of any length. PKCS#7 padding works by appending bytes with the value of each of those bytes denoting the number of appended bytes.
Modes like CTR and GCM are streaming modes and as such don't need a padding mode additionally to encrypt plaintexts of arbitrary length.