Reputation: 37724
Does node.js crypto use fixed tag size with GCM mode?
I am implementing a scheme with cipher in GCM mode in node.js.
I have to append/prepend GCM tag to the ciphertext in order to check the integrity. However, I am not sure how big the tag will be!
On crypto++ wiki, I read that the size could vary and that it's actually a parameter of the GCM mode. Citing from the wiki, emphasis mine:
The parameters which must be supplied and used by both parties are:
- key and key size
- iv and iv size
- tag size
However, in node documentation, there is nothing about the tag size. Just that the tag exist. Citing from the documentation:
cipher.getAuthTag()
For authenticated encryption modes (currently supported: GCM), this method returns a Buffer that represents the authentication tag that has been computed from the given data. Should be called after encryption has been completed using the final method!
Should I expect the tag size to vary and just save the tag size together with the ciphertext? Or can I just assume the tag size is always smaller than 128 bits and pad it with zeroes on the left?
Upvotes: 2
Views: 1935
Answers (1)
Reputation: 37724
Both node.js and the browserify-crypto use 128 bits tags.
I haven't found the actual code, but it's obvious by looking at the tests.
Node.js tests here, crypto-browserify tests here.
Upvotes: 1
Related Questions
- Using AES GCM without authentication tag in Node.js?
- AES 256 GCM encryption decryption in nodejs
- AES GCM encryption decryption in nodejs & Java
- Translating Java AES encryption to nodejs, but 16 bytes missing after encryption
- Trouble with getting correct tag for 256-bit AES GCM encryption in Node.js
- AEAD AES-256-GCM in Node.js
- Why can node's aes-256-gcm produce ciphertexts with lengths indivisible by 16?
- AES-256-GCM in Nodejs
- nodejs AES-128-GCM "invalid initialization vector length"
- correct nonce/iv size for AES-GCM mode