Re: GCM format question

From: Cantor, Scott <cantor.2@osu.edu>
Date: Wed, 13 Jun 2012 21:42:40 +0000
To: Pratik Datta <pratik.datta@oracle.com>, "public-xmlsec@w3.org" <public-xmlsec@w3.org>
Message-ID: <CBFE807C.237DC%cantor.2@osu.edu>
On 6/13/12 3:46 PM, "Pratik Datta" <pratik.datta@oracle.com> wrote:

>See http://docs.oracle.com/javase/7/docs/api/javax/crypto/Cipher.html
>Notice this line: "This tag is appended to the ciphertext during
>encryption, and is verified on decryption."
>
>I was assuming other APIs would do the same to retrofit GCM into existing
>encryption interfaces which are unaware of authentication tags. That's
>why we went with this.

OpenSSL didn't. They make you pass in the tag ahead of starting decryption
and (I'm guessing, not done yet) you have to manually obtain the tag after
encryption to include it somewhere.

>Another consideration is streaming. Suppose you are encrypting a very
>large chunk of data, we want streaming processors to not have to hold on
>to the encrypted data. That is why we put the authentication tag at the
>end.

Unfortunately OpenSSL requires that the decrypter see all the data to get
the tag anyway. It errors out before starting decryption if the tag isn't
set.

-- Scott
Received on Wednesday, 13 June 2012 21:43:24 GMT
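
The two API shapes discussed in this message, as an added example that is not part of the original post or of any project's code: a one-shot split for a decryptor that must be handed the tag before it starts, and a streaming split that holds back only the trailing tag bytes. It assumes the layout IV || ciphertext || tag with a 96-bit IV and a 128-bit tag; all function and class names are hypothetical.

```python
IV_LEN = 12   # assumption: 96-bit IV placed first in the octet stream
TAG_LEN = 16  # assumption: 128-bit authentication tag placed last

# Constructed sample, not real ciphertext: IV, 40 body bytes, tag.
SAMPLE = bytes(range(12)) + b"C" * 40 + b"T" * 16


def split_whole(blob: bytes):
    """One-shot split for an API that wants the tag before decryption starts."""
    if len(blob) < IV_LEN + TAG_LEN:
        raise ValueError("truncated: no room for IV and tag")
    return blob[:IV_LEN], blob[IV_LEN:-TAG_LEN], blob[-TAG_LEN:]


class TrailingTagSplitter:
    """Streaming split: holds back only the last TAG_LEN bytes seen so far."""

    def __init__(self):
        self.iv = b""
        self._held = b""
        self.tag = None

    def feed(self, chunk: bytes) -> bytes:
        """Return bytes now known to be ciphertext, not part of the tag."""
        if self.tag is not None:
            raise ValueError("stream already finished")
        data = self._held + chunk
        if len(self.iv) < IV_LEN:
            need = IV_LEN - len(self.iv)
            self.iv, data = self.iv + data[:need], data[need:]
        if len(data) <= TAG_LEN:
            self._held = data
            return b""
        self._held = data[-TAG_LEN:]
        return data[:-TAG_LEN]

    def finish(self) -> bytes:
        """Call at end of input; the held bytes are the tag to verify."""
        if len(self.iv) < IV_LEN or len(self._held) < TAG_LEN:
            raise ValueError("truncated: need full IV and tag")
        self.tag, self._held = self._held, b""
        return self.tag


def split_stream(chunks):
    """Drive the splitter over an iterable of chunks; returns (iv, ct, tag)."""
    s = TrailingTagSplitter()
    ct = b"".join(s.feed(c) for c in chunks)
    # Plaintext decrypted from ct stays unauthenticated until the tag check passes.
    return s.iv, ct, s.finish()
```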