AES-GCM模式的正确随机数/ iv大小 [英] correct nonce/iv size for AES-GCM mode
问题描述
编辑:问题可以简化为此::
以下Node.js代码给出无效的IV长度错误。为什么? IV应该是什么?
The issue can be simplified to this: The following Node.js code give an "Invalid IV length" Error. Why? What should the IV be?
const crypto = require('crypto')
const decipher = crypto.createDecipheriv('aes-128-gcm', crypto.randomBytes(16), crypto.randomBytes(16))
我在GCM模式下使用AES加密某些数据,但是我使用两种不同的语言和库进行加密和解密,它们似乎对我需要的词汇有所不同。
I'm using AES in GCM mode to encrypt some data, but I'm using two different languages and libraries for encryption and decryption and they seem to have different vocabularies about what I need.
我正在使用Python库进行加密(加密)。 encrypt_and_digest 方法采用128位密钥和一条消息,并返回128位随机数,128位标记和密文。
I'm encrypting with a Python library (Crypto). The encrypt_and_digest method takes a 128 bit key and a message and returns a 128 bit nonce, 128 bit tag, and a ciphertext.
(从此示例中提取的密码)
(Encryption code taken from this example)
我正在使用默认的Node.js解密 crypto 库。该库需要一个会话密钥,一个标记和一个IV。当我将Python库的随机数作为IV传递时,它给我一个无效的iv大小错误。 Node库的示例似乎使用了12个字符的字符串作为IV。
I'm decrypting with the default Node.js crypto library. That library expects a session key, a tag, and an IV. When I pass the nonce from the Python library as the IV, it gives me an "invalid iv size" error. Examples of the Node library seem to use a 12-character string as an IV.
我的解密代码如下(取自此处):
My decryption code looks like this (taken from here):
var decipher = crypto.createDecipheriv(algorithm, password, nonce)
decipher.setAuthTag(encrypted.tag);
var dec = decipher.update(encrypted.content, 'hex', 'utf8')
此方案的IV和随机数有什么区别?我该如何解决?谢谢!
What is the difference between IV and nonce for this scheme? How should I resolve this? Thanks!
推荐答案
事实证明,GCM的随机数应为12个字节长。我不确定为什么python库默认情况下会自动生成一个16字节的随机数,但是您可以生成自己的并在 AES 构造函数中手动指定它,因此我做了什么。整个系统现在可以正常运行了
It turns out the nonce for GCM should be 12 bytes long. I'm not sure why the python library defaults to auto-generating a 16-byte nonce, but you can generate your own and specify it manually in the AES constructor, so thats what I did. The whole system works perfectly now
这篇关于AES-GCM模式的正确随机数/ iv大小的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
