I am trying to do some research on AES-GCM. I am trying to encrypt some data using Bouncy Castle's AES-GCM algorithm implementation and then decrypt it using openSSL's AES-GCM, but I couldn't.
I checked in Bouncy Castle, it returns a single output (ciphertext having length equal to the length of the input plus authentication tag), but in openSSL there are 2 outputs... 1 is the cipher text equal to the length of the input, and the other output is the tag length.
我正在尝试对AES-GCM进行一些研究。我正在尝试使用Bouncy Castle的AES-GCM算法实现加密一些数据,然后使用openSSL的AES-GCM对其进行解密,但我不能。我检查了Bouncy Castle,它返回一个输出(密文长度等于输入加上认证标签的长度),但在openSSL中有2个输出... 1是密文,等于输入的长度,另一个输出是标签长度。
I checked that both follow the same standard, NIST 800-38D. I checked several of the posts but nowhere was mentioned how to do it. But also nowhere is it mentioned that we can't. Any idea?
我检查过两者都遵循相同的标准,NIST 800-38D。我检查了几个帖子,但没有提到如何做到这一点。但也没有提到我们不能。任何想法?
1 个解决方案
#1
2
You've simply got to concatenate the ciphertext and tag to decrypt with Bouncy or split the ciphertext and tag to verify using OpenSSL. The tag length should be an pre-configured input for the GCM mode, so it should always be possible to distinguish between ciphertext and authentication tag.
您只需将密文和标记连接到Bouncy进行解密,或者将密文和标记拆分为使用OpenSSL进行验证。标签长度应该是GCM模式的预配置输入,因此应始终可以区分密文和认证标签。
#1
2
You've simply got to concatenate the ciphertext and tag to decrypt with Bouncy or split the ciphertext and tag to verify using OpenSSL. The tag length should be an pre-configured input for the GCM mode, so it should always be possible to distinguish between ciphertext and authentication tag.
您只需将密文和标记连接到Bouncy进行解密,或者将密文和标记拆分为使用OpenSSL进行验证。标签长度应该是GCM模式的预配置输入,因此应始终可以区分密文和认证标签。