indisoluble / AesGcm

(DEPRECATED - USE: https://developer.apple.com/documentation/cryptokit/aes/gcm) Galois/Counter Mode (GCM) with Advanced Encryption System (AES).


Can you skip the Additional Authentication Data?

raistlin969 opened this issue

I have a question about the Additional Authentication Data. Is it possible to use this library without using that? For the moment I am just passing in

[NSData new]

If I encrypt, then decrypt, on the same device, things seem to work, but when doing this test using 2 different devices, a failure happens in step 8 of the decrypt, which has to do with the authentication tag. So I am wondering if I am using that correctly.

Hi @raistlin969,

You have to use an Additional Authentication Data, but an empty NSData is OK. You already verified it, but there are also a few unit tests in this project that use an empty NSData, like this one and this one.

Based on what you mentioned, I tend to think the problem is located in the data transfer between the 2 devices. I mean:

  • Once the data is ciphered, do you serialise it before sending it to the second device? For example, as a Base64 string.
  • Then, in the receiver what do you do to recreate the IAGCipheredData instance? Keep in mind that an IAGCipheredData instance includes 2 things, not only the ciphered data but also the Authentication Tag.
  • Also, to decipher the data you need to use the same Initialisation Vector and Key, how are you sharing these between the 2 devices?

Hey. Thanks for the response. Yes, you are right, I was having a problem with the transport. Part of the info that goes into deriving my key was wrong due to the transport. So the problem was trying to decrypt with a different derived AES key. Things work now! It is good to know that an empty NSData is the way to go, I will continue to do that. Thanks.
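
Added example, not part of the thread and not the AesGcm library's own API: the two-device round trip the answer asks about, and the derived-key mismatch found in the last reply, sketched with Node.js's built-in `crypto` module. The envelope layout (IV, tag, ciphertext), the scrypt inputs and every function name are assumptions made for the illustration.

```javascript
// Added illustration using Node.js built-in crypto; names and layout are hypothetical.
const crypto = require('node:crypto');

const EMPTY_AAD = Buffer.alloc(0); // plays the role of [NSData new] in the thread
const IV_LEN = 12;                 // 96-bit IV
const TAG_LEN = 16;                // 128-bit authentication tag

// Sender: encrypt, then serialise IV + tag + ciphertext as one Base64 string.
function sealToBase64(key, plaintext, aad = EMPTY_AAD) {
  const iv = crypto.randomBytes(IV_LEN); // fresh IV for every message
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(aad);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Receiver: rebuild all three parts from the envelope; the tag is checked in final().
function openFromBase64(key, envelope, aad = EMPTY_AAD) {
  const raw = Buffer.from(envelope, 'base64');
  if (raw.length < IV_LEN + TAG_LEN) throw new Error('envelope too short');
  const iv = raw.subarray(0, IV_LEN);
  const tag = raw.subarray(IV_LEN, IV_LEN + TAG_LEN);
  const ct = raw.subarray(IV_LEN + TAG_LEN);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv,
    { authTagLength: TAG_LEN });
  decipher.setAAD(aad);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]);
}

// Returns the plaintext string, or null when authentication fails.
function tryOpen(key, envelope, aad) {
  try {
    return openFromBase64(key, envelope, aad).toString('utf8');
  } catch (err) {
    return null; // wrong key, wrong AAD, or modified data all end up here
  }
}

// Constructed sample values: the same passphrase with two different salts,
// standing in for a key-derivation input that was altered in transport.
const senderKey = crypto.scryptSync('constructed passphrase', 'salt-as-sent', 32);
const receiverKey = crypto.scryptSync('constructed passphrase', 'salt-as-received', 32);

const envelope = sealToBase64(senderKey, Buffer.from('hello from device A'));
console.log('same key, empty AAD :', tryOpen(senderKey, envelope));
console.log('mismatched key      :', tryOpen(receiverKey, envelope));
console.log('different AAD       :', tryOpen(senderKey, envelope, Buffer.from('v1')));
```

A wrong key, a different AAD and modified ciphertext all surface as the same tag-verification failure, so checking that both devices hold byte-identical key-derivation inputs is a useful first step when decryption works locally but fails across devices.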