node.js加密是否使用GCM模式的固定标签大小? [英] Does node.js crypto use fixed tag size with GCM mode?
问题描述
我必须将GCM标签附加/加入密文才能检查完整性。但是,我不知道标签有多大!
在 crypto ++ wiki ,我读到大小可能会有所不同,它实际上是GCM模式的一个参数。从维基引用,重点是:
双方必须提供和使用的参数是:
- 密钥和密钥大小
- iv和iv size
- 标签大小
然而,在节点文档,标签大小没有任何关系。只是标签存在。引用文件:
cipher.getAuthTag()
对于经过身份验证的加密模式(当前支持:GCM),此
方法返回一个表示从给定数据计算
的认证标签的缓冲区。应该调用
加密已经使用最终的方法完成!
我应该期望标签大小有所不同,只是将标签大小与密文一起保存?或者我可以假设标签的大小总是小于128位,并在左边用零填充?
.js和browserify-crypto使用128位标签。
我没有找到实际的代码,但是通过查看测试很明显。
节点.js在这里测试, crypto-browserify tests here / a>。
I am implementing a scheme with cipher in GCM mode in node.js.
I have to append/prepend GCM tag to the ciphertext in order to check the integrity. However, I am not sure how big the tag will be!
On crypto++ wiki, I read that the size could vary and that it's actually a parameter of the GCM mode. Citing from the wiki, emphasis mine:
The parameters which must be supplied and used by both parties are:
- key and key size
- iv and iv size
- tag size
However, in node documentation, there is nothing about the tag size. Just that the tag exist. Citing from the documentation:
cipher.getAuthTag()
For authenticated encryption modes (currently supported: GCM), this method returns a Buffer that represents the authentication tag that has been computed from the given data. Should be called after encryption has been completed using the final method!
Should I expect the tag size to vary and just save the tag size together with the ciphertext? Or can I just assume the tag size is always smaller than 128 bits and pad it with zeroes on the left?
Both node.js and the browserify-crypto use 128 bits tags.
I haven't found the actual code, but it's obvious by looking at the tests.
Node.js tests here, crypto-browserify tests here.
这篇关于node.js加密是否使用GCM模式的固定标签大小?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
