- From: Cantor, Scott <cantor.2@osu.edu>
- Date: Wed, 13 Jun 2012 21:42:40 +0000
- To: Pratik Datta <pratik.datta@oracle.com>, "public-xmlsec@w3.org" <public-xmlsec@w3.org>
On 6/13/12 3:46 PM, "Pratik Datta" <pratik.datta@oracle.com> wrote: >See http://docs.oracle.com/javase/7/docs/api/javax/crypto/Cipher.html >Notice this line " This tag is appended to the ciphertext during >encryption, and is verified on decryption. " > >I was assuming other APIs would do the same to retrofit GCM into existing >encryption interfaces which are unaware of authentication tags. That's >why we went with this. OpenSSL didn't. They make you pass in the tag ahead of starting decryption and (I'm guessing, not done yet) you have to manually obtain the tag after encryption to include it somewhere. >Another consideration is streaming. Suppose you are encrypting a very >large chunk of data, we want streaming processors to not have to hold on >to the encrypted data. That is why we put the authentication tag at the >end. Unfortunately OpenSSL requires that the decrypter see all the data to get the tag anyway. It errors out before starting decryption if the tag isn't set. -- Scott
Received on Wednesday, 13 June 2012 21:43:24 UTC