>From Section 10:
COSE restricts the set of legal content encryption algorithms to those that support authentication both of the content and additional data. The encryption process will generate some type of authentication value, but that value may be either explicit or implicit in terms of the algorithm definition. For simplicity sake, the authentication code will normally be defined as being appended to the cipher text stream. The encryption functions are: From: Samuel Erdtman [mailto:[email protected]] Sent: Friday, March 17, 2017 9:50 AM To: cose <[email protected]>; Jim Schaad <[email protected]> Subject: Authentication tag Hi I´m working on a JavaScript implementation of the COSE msg specification, currently working on the GCM encryption. In the nodejs crypto environment the authentication tag is set separately i.e. a specific setAuthTag call. I looked into openssl and could see that that was the case there too. In the examples provided with the COSE specification I could find out that the auth tag is appends to the end of the ciphertext. I tried to find this described in the COSE specification but could not find it. It might be described in some refereed specification but it was not obvious to me at least. If it is not to late I would suggest that authentication tag is lifted out from the ciphertext and into the unprotected header similar to IV. Or that it is explicitly described that the authentication tag should be appended to the ciphertext. Cheers Samuel Erdtman
_______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
