diff --git a/src/duplicacy_chunk.go b/src/duplicacy_chunk.go
index 6298d59..2a24493 100644
--- a/src/duplicacy_chunk.go
+++ b/src/duplicacy_chunk.go
@@ -250,10 +250,7 @@ func (chunk *Chunk) Encrypt(encryptionKey []byte, derivationKey string) (err err
 	// PKCS7 is used.  Compressed chunk sizes leaks information about the original chunks so we want the padding sizes
 	// to be the maximum allowed by PKCS7
 	dataLength := encryptedBuffer.Len() - offset
-	paddingLength := dataLength % 256
-	if paddingLength == 0 {
-		paddingLength = 256
-	}
+	paddingLength := 256 - dataLength % 256
 
 	encryptedBuffer.Write(bytes.Repeat([]byte{byte(paddingLength)}, paddingLength))
 	encryptedBuffer.Write(bytes.Repeat([]byte{0}, gcm.Overhead()))
diff --git a/src/duplicacy_chunk_test.go b/src/duplicacy_chunk_test.go
index 178570d..b4bf83a 100644
--- a/src/duplicacy_chunk_test.go
+++ b/src/duplicacy_chunk_test.go
@@ -22,6 +22,8 @@ func TestChunk(t *testing.T) {
 	config.CompressionLevel = DEFAULT_COMPRESSION_LEVEL
 	maxSize := 1000000
 
+	remainderLength := -1
+
 	for i := 0; i < 500; i++ {
 
 		size := rand.Int() % maxSize
@@ -44,6 +46,12 @@ func TestChunk(t *testing.T) {
 		encryptedData := make([]byte, chunk.GetLength())
 		copy(encryptedData, chunk.GetBytes())
 
+		if remainderLength == -1 {
+			remainderLength = len(encryptedData) % 256
+		} else if len(encryptedData) % 256 != remainderLength {
+			t.Errorf("Incorrect padding size")
+		}
+
 		chunk.Reset(false)
 		chunk.Write(encryptedData)
 		err = chunk.Decrypt(key, "")