
Proposal for adding AES-GCM to XML Encryption 1.1

From: pratik datta <pratik.datta@oracle.com>
Date: Mon, 09 Nov 2009 12:18:01 -0800
Message-ID: <4AF878F9.9010808@oracle.com>
To: XMLSec WG Public List <public-xmlsec@w3.org>
I am not sure how important AES-GCM is, but we can consider adding it to XML Encryption 1.1.

NSA suite B requires AES-GCM as a TLS Cipher suite. (see RFC 5430)

Here is a preliminary proposal for adding AES-GCM (I had a brief 
discussion about GCM with Brian in the F2F)

Section 5.1,  (add this to the list of algorithms.)


Section 5.2.3 AES-GCM (add new section)

AES-GCM is an authenticated encryption mechanism. I.e. it is equivalent 
to doing these two operations in one step - HMAC signing followed by 
AES-CBC encryption. It is very attractive from a performance point of 
view, because the cost of AES-GCM is similar to regular AES-CBC 
encryption, yet it achieves the same result as encryption + HMAC 
signing. Also AES-GCM can be pipelined so it is amenable to hardware 


AES-GCM is used with a 96 bit Initialization Vector (IV), and a 128 bit 
Authentication Tag (T). The cipher text contains the IV first, followed 
by the T and then finally the encrypted octets. Decryption should fail 
if the authentication tag computed during decryption does not match the 
specified Authentication Tag.

Received on Monday, 9 November 2009 20:19:48 UTC
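The following is an added illustration of the octet layout proposed in the message above (IV, then the 128-bit Authentication Tag, then the encrypted octets) and of the rule that decryption must fail when the tag does not verify. It is example code written for this archive page, not code from the message, the XMLSec WG, or any XML Encryption implementation. It uses Go's standard-library `crypto/cipher` GCM, which produces ciphertext followed by tag, and reorders those octets into the proposed IV || T || C form; the function names, the 128-bit key and the sample plaintext are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

const (
	ivLen  = 12 // 96-bit Initialization Vector, as proposed
	tagLen = 16 // 128-bit Authentication Tag, as proposed
)

// sealProposalLayout encrypts plaintext with AES-GCM and returns the octets in
// the order proposed in the message: IV || T || encrypted octets.
// A fresh random IV is drawn for every call; an IV must never repeat under
// the same key, or GCM loses both confidentiality and integrity.
func sealProposalLayout(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block) // standard 96-bit nonce, 128-bit tag
	if err != nil {
		return nil, err
	}
	iv := make([]byte, ivLen)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	// Go's Seal returns C || T; split and reorder to IV || T || C.
	sealed := gcm.Seal(nil, iv, plaintext, nil)
	c, t := sealed[:len(sealed)-tagLen], sealed[len(sealed)-tagLen:]
	out := make([]byte, 0, ivLen+tagLen+len(c))
	out = append(out, iv...)
	out = append(out, t...)
	out = append(out, c...)
	return out, nil
}

// openProposalLayout parses IV || T || C, verifies the tag and decrypts.
// Any mismatch (tampered tag, tampered ciphertext, truncation) yields an
// error and no plaintext, which is the "decryption should fail" rule.
func openProposalLayout(key, data []byte) ([]byte, error) {
	if len(data) < ivLen+tagLen {
		return nil, errors.New("cipher data too short for IV and tag")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	iv := data[:ivLen]
	t := data[ivLen : ivLen+tagLen]
	c := data[ivLen+tagLen:]
	// Rebuild the C || T order that Go's Open expects, then let it check T.
	sealed := append(append([]byte{}, c...), t...)
	pt, err := gcm.Open(nil, iv, sealed, nil)
	if err != nil {
		return nil, fmt.Errorf("authentication tag mismatch, decryption fails: %w", err)
	}
	return pt, nil
}

func main() {
	key := []byte("0123456789abcdef") // constructed 128-bit key for the demo only
	pt := []byte("<Salary>42</Salary>")  // constructed sample plaintext
	ct, err := sealProposalLayout(key, pt)
	if err != nil {
		panic(err)
	}
	fmt.Printf("IV  : %x\nT   : %x\nC   : %x\n", ct[:ivLen], ct[ivLen:ivLen+tagLen], ct[ivLen+tagLen:])
	if back, err := openProposalLayout(key, ct); err == nil {
		fmt.Printf("decrypted: %s\n", back)
	}
	ct[len(ct)-1] ^= 0x01 // flip one bit of the encrypted octets
	if _, err := openProposalLayout(key, ct); err != nil {
		fmt.Println("tampered:", err)
	}
}
```

The tag covers both the IV and the ciphertext, so the decryptor gets no plaintext at all on a mismatch rather than garbage, which is the property that makes padding-oracle style attacks against AES-CBC inapplicable here. Note that the layout above is the one this message proposes; the published XML Encryption 1.1 specification ended up placing the Authentication Tag after the encrypted octets (IV || C || T), so an implementation of the final spec would swap the last two fields.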
