Does node.js crypto use fixed tag size with GCM mode?

半城伤御伤魂 提交于 2020-01-16 02:01:09

问题


I am implementing a scheme with cipher in GCM mode in node.js.

I have to append/prepend GCM tag to the ciphertext in order to check the integrity. However, I am not sure how big the tag will be!

On crypto++ wiki, I read that the size could vary and that it's actually a parameter of the GCM mode. Citing from the wiki, emphasis mine:

The parameters which must be supplied and used by both parties are:

  • key and key size
  • iv and iv size
  • tag size

However, in node documentation, there is nothing about the tag size. Just that the tag exist. Citing from the documentation:

cipher.getAuthTag()

For authenticated encryption modes (currently supported: GCM), this method returns a Buffer that represents the authentication tag that has been computed from the given data. Should be called after encryption has been completed using the final method!

Should I expect the tag size to vary and just save the tag size together with the ciphertext? Or can I just assume the tag size is always smaller than 128 bits and pad it with zeroes on the left?


回答1:


Both node.js and the browserify-crypto use 128 bits tags.

I haven't found the actual code, but it's obvious by looking at the tests.

Node.js tests here, crypto-browserify tests here.



来源:https://stackoverflow.com/questions/33976117/does-node-js-crypto-use-fixed-tag-size-with-gcm-mode

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!