Hey Ilya, Concerning your questions:
1. Two different instances is a good solution. If you really want to
have one single, there should be ".Restart()" as it should derived
from HashTransformation (indirectly). Just try this with your
auto-completion. (But make sure the authentication tag is actually
written before)
2. I'm sad to need to say this but you're going the wrong approach :(
Again, I didn't verify against the code, but I think the issue you
have is, that you write the encrypted data and the authentication
tag and upon decryption you treat the tag as "ciphertext" (I think)
and hence cause an authentication error on verification.
So may I ask why you call ChannelMessageEnd("") after each block?
Why not feed the data into the channel (16kiB after 16kiB) until
it's all written and then call ChannelMessageEnd("")? And concerning
your other "sub-question", the authentication after each block, it's
impossible with GCM as it's CTR+Auth and hence the blocksize is only
meaningful for the counter/nonce.
I hope this makes sense...
BR
JPM
Am 31.05.2015 um 14:17 schrieb Ilya Bizyaev:
> Hello everyone!
> I have been developing my small project
> <https://github.com/IlyaBizyaev/Entangle/tree/unstable> for a while at
> my spare time, and recently I have finally started replacing old
> AES/CFB-256 encryption with AES/GCM-256 /(before this the header was
> encrypted with AES-GCM-128, and the very file - with AES-CFB-256)/.
> This time (I have already attempted to do it before) I am more
> successfull with it, but some issues have not been sorted out yet:
>
> 1) I need to ensure that by the time I encrypt the file the
> GCM<AES>::Encryption and AuthenticatedEncryptionFilter objects are
> absolutely clear from the header data. Currently, I create two
> different instances for different processes. Is it possible to do with
> only one of them?
>
> 2) *Most important issue. *On encryption, I use 16 KB buffer to read
> and encrypt the data. After each such read/encrypt step, I need to
> write it to the resulting file with its hash.
> If the data left is less than 16 KB in size, I encrypt only it (don't
> add any random data to be 16 KB) and produce hash only for it. At the
> end I call gcm_f.ChannelMessageEnd(""), but it produces hash only for
> the last block; so, only *< 16 KB* files can be then decrypted
> successfully. How do I add hash after *each block?*
> I tried gcm_f.ChannelMessageSeriesEnd(""), but it does not do anything...
> --
> --
> You received this message because you are subscribed to the "Crypto++
> Users" Google Group.
> To unsubscribe, send an email to
> [email protected].
> More information about Crypto++ and this group is available at
> http://www.cryptopp.com.
> ---
> You received this message because you are subscribed to the Google
> Groups "Crypto++ Users" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to [email protected]
> <mailto:[email protected]>.
> For more options, visit https://groups.google.com/d/optout.
--
--
You received this message because you are subscribed to the "Crypto++ Users"
Google Group.
To unsubscribe, send an email to [email protected].
More information about Crypto++ and this group is available at
http://www.cryptopp.com.
---
You received this message because you are subscribed to the Google Groups
"Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
smime.p7s
Description: S/MIME Cryptographic Signature
