问题
I am implementing a scheme with cipher in GCM mode in node.js.
I have to append/prepend GCM tag to the ciphertext in order to check the integrity. However, I am not sure how big the tag will be!
On crypto++ wiki, I read that the size could vary and that it's actually a parameter of the GCM mode. Citing from the wiki, emphasis mine:
The parameters which must be supplied and used by both parties are:
- key and key size
- iv and iv size
- tag size
However, in node documentation, there is nothing about the tag size. Just that the tag exist. Citing from the documentation:
cipher.getAuthTag()
For authenticated encryption modes (currently supported: GCM), this method returns a Buffer that represents the authentication tag that has been computed from the given data. Should be called after encryption has been completed using the final method!
Should I expect the tag size to vary and just save the tag size together with the ciphertext? Or can I just assume the tag size is always smaller than 128 bits and pad it with zeroes on the left?
回答1:
Both node.js and the browserify-crypto use 128 bits tags.
I haven't found the actual code, but it's obvious by looking at the tests.
Node.js tests here, crypto-browserify tests here.
来源:https://stackoverflow.com/questions/33976117/does-node-js-crypto-use-fixed-tag-size-with-gcm-mode