Closed calvinmetcalf closed 9 years ago
I went back and forth on this, I'm not opposed to doing the buffering during decryption. I suppose in practice it puts the pain point in a better place.
It also prevents you from using decrypted but unauthenticated data
On Mon, Apr 20, 2015, 11:02 AM Matthew Surabian notifications@github.com wrote:
I went back and forth on this, I'm not opposed to doing the buffering during decryption. I suppose in practice it puts the pain point in a better place.
— Reply to this email directly or view it on GitHub https://github.com/MattSurabian/aes-gcm-stream/issues/2#issuecomment-94476503 .
Ah right! Since we throw the entire buffer into decipher.update
instead of pushing through chunks one at a time that should prevent the decipher from outputting data until authentication fails as it currently does. I was thinking about how to deal with this over the weekend and actually this handles it perfectly.
Thanks!
if you put the tag at the end, then you'd only need to buffer the stream on decryption not encryption