We are planning to use "AES/GCM/NoPadding" in Java using BouncyCastle v1.51. Can someone shed some light on the ideal implementation / best practices with respect to the usage & generation of additional authenticated data (AAD) & authentication tag?
Following is the encryption code:
    import java.io.ByteArrayOutputStream;
    import javax.crypto.Cipher;
    import javax.crypto.CipherOutputStream;
    import javax.crypto.SecretKey;
    import javax.crypto.spec.IvParameterSpec;
    import javax.crypto.spec.SecretKeySpec;
    import org.bouncycastle.jce.provider.BouncyCastleProvider;

    private static byte[] encryptGCM(byte[] plaintext,
            byte[] randomKeyBytes, byte[] randomIvBytes) throws Exception {
        SecretKey randomKey = new SecretKeySpec(randomKeyBytes, "AES");
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", new BouncyCastleProvider());
        cipher.init(Cipher.ENCRYPT_MODE, randomKey, new IvParameterSpec(
                randomIvBytes)); //TODO: here IvParamSpec could also be gcmP = new GCMParameterSpec(12, keys, 32, 12);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
        cipherOutputStream.write(plaintext);
        cipherOutputStream.close(); // closing the stream finalizes the cipher
        return byteArrayOutputStream.toByteArray();//this is the encrypted text
    }
I'll answer the questions in order:
doFinal
the right amount of bytes is taken from the ciphertext and interpreted as being the tag, and the last part of the plaintext is output. Note that the buffering of ciphertext is implementation specific, but the way that Cipher has been defined, some buffering has to take place.