Re: AES-GCM cipher in TLS

Thanks Matt.

I did read those RFCs as well, and here is the confusion. RFC 5116 says this in section 2.1:

  There is a single output:

      A ciphertext C, which is at least as long as the plaintext, or

      an indication that the requested encryption operation could not be
      performed.

Note the emphasis on "single output". So the encryption output is just a single output, ciphertext C. From what I understand, this C is the ciphertext + tag in a single output. Similarly, section 2.2 does not mention anything about separating the tag from the ciphertext and just takes C as input.

Now, assuming that OpenSSL follows this, shouldn't the example at https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption just give a single output per the RFC? Instead, the example requires the ciphertext and tag to be extracted separately. Conversely, decryption should just take the ciphertext C (which includes the tag) and output the plaintext. But again, the example requires separating the tag for verification.

In summary, per my understanding of the RFC, the auth tag is seamless and the application should not have to deal with it separately. Yet the OpenSSL example using EVP deals with the tag separately.
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
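
Added example, not part of the original message and not code from the OpenSSL wiki: a wrapper that builds the single RFC 5116 output C = ciphertext || tag on top of an interface that returns the tag separately, and compares it with a one-shot AEAD call. It assumes the Python `cryptography` package and a 16-byte tag; the names `seal` and `open_sealed` and all key, nonce and message values are constructed for illustration.

```python
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

TAG_LEN = 16  # assumption: full 128-bit GCM tag


def seal(key, nonce, plaintext, aad):
    """Encrypt and return the single RFC 5116 output C = ciphertext || tag."""
    enc = Cipher(algorithms.AES(key), modes.GCM(nonce)).encryptor()
    enc.authenticate_additional_data(aad)
    ciphertext = enc.update(plaintext) + enc.finalize()
    # The low-level interface exposes the tag separately, after finalize().
    return ciphertext + enc.tag


def open_sealed(key, nonce, c, aad):
    """Take the single input C; return the plaintext, or None for FAIL."""
    if len(c) < TAG_LEN:
        return None  # too short to contain a tag
    ciphertext, tag = c[:-TAG_LEN], c[-TAG_LEN:]
    dec = Cipher(algorithms.AES(key), modes.GCM(nonce, tag)).decryptor()
    dec.authenticate_additional_data(aad)
    try:
        # finalize() verifies the tag; nothing is returned if it fails.
        return dec.update(ciphertext) + dec.finalize()
    except InvalidTag:
        return None


# Constructed sample values; a real nonce must never repeat under one key.
KEY = bytes(range(32))
NONCE = bytes(range(12))
AAD = b"record header (constructed)"
MESSAGE = b"constructed sample plaintext"

if __name__ == "__main__":
    c = seal(KEY, NONCE, MESSAGE, AAD)
    print(len(MESSAGE), len(c))  # C is TAG_LEN bytes longer than the plaintext
    print(c == AESGCM(KEY).encrypt(NONCE, MESSAGE, AAD))  # one-shot AEAD call
    print(open_sealed(KEY, NONCE, c, AAD))
    tampered = c[:-1] + bytes([c[-1] ^ 1])  # flip one bit of the tag
    print(open_sealed(KEY, NONCE, tampered, AAD))
```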