Can you skip the Additional Authentication Data?
raistlin969 opened this issue
I have a question about the Additional Authentication Data. Is it possible to use this library without using that? For the moment I am just passing in `[NSData new]`.
If I encrypt, then decrypt, on the same device, things seem to work, but doing this test using 2 different devices, a failure happens in step 8 of the decrypt, which has to do with the authentication tag. So I am wondering if I am using that correctly.
Hi @raistlin969,
You have to use an Additional Authentication Data but an empty `NSData` is OK. You already verified it but there are also a few unit tests in this project that use an empty `NSData` like this one and this one.
Based on what you mentioned, I tend to think the problem is located in the data transfer between the 2 devices. I mean:
- Once the data is ciphered, do you serialise it before sending it to the second device? For example, as a Base64 string.
- Then, in the receiver what do you do to recreate the `IAGCipheredData` instance? Keep in mind that an `IAGCipheredData` instance includes 2 things, not only the ciphered data but also the Authentication Tag.
- Also, to decipher the data you need to use the same Initialisation Vector and Key, how are you sharing these between the 2 devices?
Hey. Thanks for the response. Yes you are right, I was having a problem with the transport. Part of the info that goes into deriving my key was wrong due to the transport. So the problem was trying to decrypt with a different derived aes key. Things work now! It is good to know that an empty NSData is the way to go, I will continue to do that. Thanks
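The checklist in the answer and the wrong-key failure from the last reply, as an added example that is not part of the original thread and does not use the library discussed here: it is written in Go with the standard library's AES-GCM. The names `SealForTransport` and `OpenFromTransport`, the wire layout base64(IV || ciphertext || tag) and the sample keys are assumptions made for the illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

// newGCM builds AES-GCM with Go's defaults: 12-byte IV, 16-byte tag.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealForTransport encrypts with an empty AAD and returns base64(IV || ciphertext || tag).
func SealForTransport(gcm cipher.AEAD, plain []byte) (string, error) {
	iv := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(iv); err != nil {
		return "", err
	}
	// Seal appends ciphertext||tag to iv, so the result is already the wire layout.
	return base64.StdEncoding.EncodeToString(gcm.Seal(iv, iv, plain, []byte{})), nil
}

// OpenFromTransport splits the wire string and verifies the tag before returning data.
func OpenFromTransport(gcm cipher.AEAD, wire string) ([]byte, error) {
	raw, err := base64.StdEncoding.DecodeString(wire)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(raw) < n+gcm.Overhead() {
		return nil, fmt.Errorf("message too short to hold IV and tag")
	}
	return gcm.Open(nil, raw[:n], raw[n:], []byte{})
}

func main() {
	sender, _ := newGCM([]byte("constructed-demo-key-32-bytes!!!"))   // constructed sample key
	receiver, _ := newGCM([]byte("constructed-demo-key-32-bytes!!?")) // wrongly derived key
	wire, _ := SealForTransport(sender, []byte("hello"))
	_, err := OpenFromTransport(receiver, wire)
	fmt.Println(wire, err) // the tag check fails because the keys differ
}
```

A wrong key, a modified ciphertext and a modified tag all surface as the same tag-verification error, which is why a transport or key-derivation bug looks like an authentication tag failure on the receiving device.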