The tag is wrapped inside of the output of seal: - size of the tag: https://golang.org/src/crypto/cipher/gcm.go#L126 - https://golang.org/src/crypto/cipher/gcm.go#L146
You have to pass the tag + encrypted data to open to decrypt. AES-GCM already works like a stream cipher, meaning the result of seal will be len(plaintext) + tagLength, as opposed to CBC that has fixed blocks and require padding. I assume what you are asking is stream cipher as stream like a unix Pipe -- I believe CTR mode does this on Go's API. This is highly discouraged because GCM is authenticated: the tag acts like a MAC for the encrypted data that follows. You have to put all the plaintext in memory before starting the process. One way to achieve this is to predefined some "block" length -- say 16KB -- then each time you encrypt the length of the block after generating a nonce every time -- it can be less if you are reaching EOF. In order to decrypt, you need to have output the nonce + the result of seal() -- which is tag + encrypted text. This way you will have achieved a streaming way of encrypting/decrypting in AES-GCM. I assume this is done for TLS too. You have couple tricks to reduce the size of the "nonce overhead" with some nonce scheme. But remember to NEVER REUSE A NONCE WITH THE SAME KEY as it would be fatal otherwise. I am not a cryptographer at all but for fun I wrote this exact scheme a month ago: https://github.com/tehmoon/cryptocli/blob/master/command/aesGCMEncrypt.go#L55 On Tue, Feb 27, 2018 at 6:24 AM, Xiaoyi Shi <ashi...@gmail.com> wrote: > Hi all, > > Is it possible to use go's GCM implementation as a stream cipher? It > appears to me that the counter/tag are held private within the > AEAD.Seal/Open methods. > > Thanks! > > -- > You received this message because you are subscribed to the Google Groups > "golang-nuts" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to golang-nuts+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
