Hey Willy,

On 3/23/2019 11:24 AM, Willy Tarreau wrote:
I'm not sure why this is needed, because my first impression was that if
this part can be an argument in the decode it ought to be one as well for
the encoder, but that's where my ignorance of crypto shines, as I understand
from your explanation that it's something the encryption returns instead. I
thought that we'd simply have aes_gcm_encrypt(args),aes_gcm_decrypt(args)
be an identity in fact, but don't worry, I'm not asking you to do magics!

You are correct though. To extend the example:

str(foo),aes_gcm_enc(txn.nonce,txn.key,txn.aead_tag),aes_gcm_dec(txn.nonce,txn.key, txn.aead_tag)

This will still return "foo", but the txn.aead_tag in the "enc" converter is filled with nothing in the beginning, the enc converter will actually set the value of that variable after computing it. Then it must be used in decryption. Or it can be sent along with the ciphertext and the nonce to any other decryption implemention, that's why we need the ability to have it in a variable so it can be sent in a header for example.

The AEAD tag is a MAC which confirms the integrity and authenticity of the ciphertext and any AAD (additional authenticated data), which may be sent in the clear.

Cheers,
Nenad

Reply via email to