aws-samples / aws-cloudhsm-jce-examples

Sample applications demonstrating how to use the CloudHSM JCE
MIT No Attribution

Authentication Tag Length for encryption #10

Closed apipersenia closed 5 years ago

apipersenia commented 5 years ago

Hi, can you explain how the Authentication Tag length is being set when the Cipher instance is being created for encryption? I only see it being used during decryption: https://github.com/aws-samples/aws-cloudhsm-jce-examples/blob/b14c49fe7c7c887d4e589e1c340026b3ed6e5ff7/src/main/java/com/amazonaws/cloudhsm/examples/AESGCMEncryptDecryptRunner.java#L110

Thanks!

rday commented 5 years ago

We aren't explicitly setting it in this sample. Since we only support 128 bits at this time (and that is the default length), we just use that 16-byte string for the AAD.

https://github.com/aws-samples/aws-cloudhsm-jce-examples/blob/b14c49fe7c7c887d4e589e1c340026b3ed6e5ff7/src/main/java/com/amazonaws/cloudhsm/examples/AESGCMEncryptDecryptRunner.java#L83
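
An added example, not part of this thread or the sample repository, showing how a JCE provider can pick the GCM tag length when none is given at encryption time, and why decryption has to state it. It assumes the JDK's default provider rather than the CloudHSM provider; the class name `GcmTagLengthDemo` and the sample strings are constructed for illustration.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;

// Hypothetical class name; runs against the JDK's default provider, not the CloudHSM one.
public class GcmTagLengthDemo {
    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();
        byte[] aad = "constructed-aad!".getBytes(StandardCharsets.UTF_8); // constructed sample
        byte[] plain = "constructed plaintext".getBytes(StandardCharsets.UTF_8);

        // Encrypt without a GCMParameterSpec: the provider picks the IV and tag length.
        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, key);
        enc.updateAAD(aad);
        byte[] ct = enc.doFinal(plain); // ciphertext with the tag appended

        // Read back what the provider chose instead of assuming it.
        GCMParameterSpec used = enc.getParameters().getParameterSpec(GCMParameterSpec.class);
        System.out.println("tag bits chosen by provider: " + used.getTLen());
        System.out.println("ciphertext overhead (bytes): " + (ct.length - plain.length));

        // Decrypt: the tag length and IV must be supplied explicitly.
        Cipher dec = Cipher.getInstance("AES/GCM/NoPadding");
        dec.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(used.getTLen(), used.getIV()));
        dec.updateAAD(aad);
        System.out.println(new String(dec.doFinal(ct), StandardCharsets.UTF_8));

        // A receiver that assumes a different tag length fails authentication.
        Cipher bad = Cipher.getInstance("AES/GCM/NoPadding");
        bad.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(96, used.getIV()));
        bad.updateAAD(aad);
        try {
            bad.doFinal(ct);
        } catch (AEADBadTagException e) {
            System.out.println("96-bit tag assumption rejected: " + e.getMessage());
        }
    }
}
```

Storing the tag length alongside the IV, or fixing it in the protocol, keeps the decrypting side from depending on a provider default.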