On Fri, Mar 17, 2017 at 05:50:01PM +0100, Samuel Erdtman wrote: > Hi > > I´m working on a JavaScript implementation of the COSE msg specification, > currently working on the GCM encryption. > > In the nodejs crypto environment the authentication tag is set separately > i.e. a specific setAuthTag call. I looked into openssl and could see that > that was the case there too. > > In the examples provided with the COSE specification I could find out that > the auth tag is appends to the end of the ciphertext.
Well, COSE specification refers to RFC 5116 for definition of AE and AEAD, and that framework only allows single ciphertext output, which as consequence must contain the tag. (How it contains the tag is actually algorithm-dependent, but most have it at the end). -Ilari _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
