Reputation: 93
GCM mode for AAD in javax.crypto library
have a question about this library and GCM in general.
I understand GCM mode can both encrypt and authenticate data, or merely just authenticate it. With the javax library, if I want to authenticate a message only I can do:
cipher.updateAAD(AAD)
My question is, when I compute
cipher.doFinal(buffer)
What does buffer become? Is it merely the ciphertext blocks + the GCM auth tag? Or is AAD itself actually included in buffer now?
It's really not clear to me from the docs: https://docs.oracle.com/javase/7/docs/api/javax/crypto/Cipher.html
Thanks!
Upvotes: 0
Views: 659
Answers (2)
Reputation: 81
Do you have a specific reason you are trying to use AAD values?
Not sure your experience level or specific use case, but here is a blog article I wrote about AE if you have any questions.
Upvotes: 0
Reputation: 12075
If you will use the AES/GCM/NoPadding, the doFinal method produces ciphertext + tag when encrypting. The same is expected when decrypting the AES/GCM mode.
If you updateAAD, the MAC (tag) is updated, but the AAD itself value is not included (that would even break the purpose of extra AAD).
Upvotes: 1
Related Questions
- AES GCM implementation with authentication Tag in Java
- AES-256-GCM decode
- javax.crypto.AEADBadTagException: Tag mismatch for AES/GCM/No Padding encryptor/decryptor
- gcm cipher mode in android
- Java AES GCM javax.crypto.AEADBadTagException: Tag mismatch
- AES-GCM: AEADBadTagException: mac check in GCM failed
- Java AES GCM Tag mismatch
- AES/GCM/NoPadding AEADBadTagException
- Use of AAD from AES-GCM
- How to utilize AAD in GCM cipher using BouncyCastle lightweight API