Am 02.06.2015 um 11:52 schrieb Ilya Bizyaev: > 1) I'll try it in my application. In my opinion, that would help to > significantly reduce the code size. > 2) > > 1. I'm sad to need to say this but you're going the wrong > approach :( > > I felt so from the very beginning of implementing it, but I have > honestly got no idea what is wrong (⌒_⌒;) > Do you mean that the tag should be written only once, at the end of > the file? Will it verify the whole file? Is integrity checked only > once, at the end of the file? You current design is like: Write 16kiB (encrypted) and authenticate them with a tag. (-> calling MessageEnd()) My suggestion: Read 16kiB, encrypt them (= channel put), write them (filter does this?). Repeat the above step until the read-operation is complete (whole file's read). Finish "the message" by calling "MessageEnd()" and hence authenticate the whole file.
This design is equal to "write the tag only once, at the end of the file", this will indeed verify the complete amount of data you wrote (= whole read-in file.) Integrity is indeed checked only once, after having read the whole stream. This works and is safe if you don't immediately use the file contents (=before verification). BR JPM > > As far as the AES/GCM encryption/decryption code is concerned, I > haven't pushed it to GitHub yet. I can push it to a new branch if you > need to see it. > -- > -- > You received this message because you are subscribed to the "Crypto++ > Users" Google Group. > To unsubscribe, send an email to > [email protected]. > More information about Crypto++ and this group is available at > http://www.cryptopp.com. > --- > You received this message because you are subscribed to the Google > Groups "Crypto++ Users" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected] > <mailto:[email protected]>. > For more options, visit https://groups.google.com/d/optout. -- -- You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [email protected]. More information about Crypto++ and this group is available at http://www.cryptopp.com. --- You received this message because you are subscribed to the Google Groups "Crypto++ Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
smime.p7s
Description: S/MIME Cryptographic Signature
