Questions tagged [aes-gcm]

Galois/Counter mode of the Advanced Encryption Standard: A mode of operation of the AES block cipher which both encrypts and authenticates its input data.

393 questions

56 votes, 1 answer

How are the IV and authentication tag handled for "AES/GCM/NoPadding"?

I'm using AES/GCM/NoPadding encryption in Java 8 and I'm wondering whether my code has a security flaw. My code seems to work, in that it encrypts and decrypts text, but a few details are unclear. My main question is this: Cipher cipher =…
Michael Hixson

22 votes, 3 answers

Slow AES GCM encryption and decryption with Java 8u20

I am trying to encrypt and decrypt data using AES/GCM/NoPadding. I installed the JCE Unlimited Strength Policy Files and ran the (simple minded) benchmark below. I've done the same using OpenSSL and was able to achieve more than 1 GB/s encryption…
Christo

21 votes, 1 answer

Using the AesGcm class

I just noticed that .NET Standard 2.1/.NET Core 3.0 finally added a class for AES-GCM encryption. However, its API seems to be slightly different from the usual .NET crypto classes: Its Encrypt function asks for pre-allocated byte arrays for the…
janw

19 votes, 1 answer

AES GCM implementation with authentication Tag in Java

I'm using AES GCM authentication in my Android project and it works fine. But I am getting some issues with the authentication tag when it is compared with the tag generated by the openssl API. Please find the java code below: SecretKeySpec skeySpec = new SecretKeySpec(key,…
user3656812

15 votes, 1 answer

Can PKCS5Padding be in AES/GCM mode?

What's the padding mode for AES/GCM? I understood it can be NoPadding, as in ECB mode it can be PKCS5Padding, how about in GCM mode? In the JCE interface, we need to provide "algorithm/mode/padding" (Reference). So I used the following code to get the…
C.c

15 votes, 4 answers

OpenSSL C example of AES-GCM using EVP interfaces

For AES-GCM encryption/decryption, I tried this, but it has a problem. ctx = EVP_CIPHER_CTX_new(); //Get the cipher. cipher = EVP_aes_128_gcm (); #define GCM_IV "000000000000" #define GCM_ADD "0000" #define TAG_SIZE …
doptimusprime

13 votes, 2 answers

How to chain BCryptEncrypt and BCryptDecrypt calls using AES in GCM mode?

Using the Windows CNG API, I am able to encrypt and decrypt individual blocks of data with authentication, using AES in GCM mode. I now want to encrypt and decrypt multiple buffers in a row. According to documentation for CNG, the following scenario…
Reinier Torenbeek

12 votes, 4 answers

Java 9: AES-GCM performance

I have run a simple test to measure the AES-GCM performance in Java 9, by encrypting byte buffers in a loop. The results were somewhat confusing. The native (hardware) acceleration seems to work - but not always. More specifically, when encrypting…
gidon

12 votes, 1 answer

Is it possible to encrypt data with AES (256 bit) GCM mode in .net framework 4.7?

The MSDN link provides references to concrete AES classes: System.Security.Cryptography.AesCng System.Security.Cryptography.AesCryptoServiceProvider System.Security.Cryptography.AesManaged However AesCryptoServiceProvider is for older machines and…
Raghu

12 votes, 3 answers

Why is random IV fine for AES-CBC but not for AES-GCM

I have been using AES-CBC for encryption and I use a random IV each time I encrypt plain text. As far as I can tell, this is the recommended approach. I have been looking into AES-GCM / AES-CTR, primarily for the AEAD. I have not yet implemented…
garys

11 votes, 1 answer

Difference between IvParameterSpec and GCMParameterSpec with AES/GCM/NoPadding

I am using the AES/GCM/NoPadding algorithm to encrypt some data on Android (API 19 and onwards) and then later decrypt it back. The key size I use is 32 bytes and is provided to me. In addition to the encryption, I also want to know when I try to decrypt…
Droid

11 votes, 1 answer

AES/GCM/NoPadding AEADBadTagException

I am trying to use AES/GCM/NoPadding for encryption in Java8. But I can't figure out why I am having an AEADBadTagException when decrypting. Here's my code: private final int GCM_IV_LENGTH = 12; private final int GCM_TAG_LENGTH = 16; private static…
Cille

10 votes, 2 answers

"Unsupported state or unable to authenticate data" with aes-128-gcm in Node

I'm trying to implement encrypt/decrypt functions using aes-128-gcm as provided by node crypto. From my understanding, gcm encrypts the ciphertext but also hashes it and provides this as an 'authentication tag'. However, I keep getting the error:…
Vanita

9 votes, 1 answer

decrypt TLS 1.2 AES-GCM packet

I'm working on a Java program to decrypt a TLS 1.2 Session which is using the TLS_RSA_WITH_AES_128_GCM_SHA256 cipher. I recorded a test session using wireshark. The Master Secret is known. No. Time Protocol Length Info 4…
bidifx

9 votes, 3 answers

How come putting the GCM authentication tag at the end of a cipher stream require internal buffering during decryption?

In Java, the "default" AES/GCM provider SunJCE will - during the decryption process - internally buffer 1) encrypted bytes used as input or 2) decrypted bytes produced as result. Application code doing decryption will notice that…
Martin Andersson