From eda5839acc9f536a47f69b57bb25f31f593d4360 Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi Date: Fri, 19 Aug 2016 15:03:34 +0900 Subject: Sync with a335e3f626ff --- OpenSSL/Cipher.html | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/OpenSSL/Cipher.html b/OpenSSL/Cipher.html index 98ba0053..b7eb30c3 100644 --- a/OpenSSL/Cipher.html +++ b/OpenSSL/Cipher.html @@ -323,9 +323,12 @@ This prevents malicious modifications of the ciphertext that could otherwise be exploited to modify ciphertexts in ways beneficial to potential attackers.

-

If no associated data is needed for encryption and later decryption, the OpenSSL library still requires a value to be set -- “” may be used in case none is available.

+

An associated data is used where there is additional information, such as +headers or some metadata, that must be also authenticated but not +necessarily need to be encrypted. If no associated data is needed for +encryption and later decryption, the OpenSSL +library still requires a value to be set - “” may be used in case none is +available.

An example using the GCM (Galois/Counter Mode). You have 16 bytes key, 12 bytes (96 bits) nonce and the associated @@ -342,8 +345,8 @@ GCM mode.

tag = cipher.auth_tag # produces 16 bytes tag by default -

Now you are the receiver. You know the key and -nonce, and have received encrypted and +

Now you are the receiver. You know the key and have received +nonce, auth_data, encrypted and tag through an untrusted network. Note that GCM accepts an arbitrary length tag between 1 and 16 bytes. You may additionally need to check that the received tag has the correct length, or you allow attackers -- cgit v1.2.3
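Review bot: in the first hunk (the `@@ -323,9 +323,12 @@` region), the newly added sentence has grammar problems that should be fixed before this lands: "An associated data is used where there is additional information" should read "Associated data is used where there is additional information", and "that must be also authenticated but not necessarily need to be encrypted" should read "that must also be authenticated but does not necessarily need to be encrypted". The rewrap of the existing sentence about the OpenSSL library still requiring a value, and the change from "--" to "-" before the empty string, read fine as they are.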
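Review bot: in the second hunk (the `@@ -342,8 +345,8 @@` region), moving nonce into the list of received values is the right correction, since the receiver does not know the nonce in advance, but now that nonce, auth_data, encrypted and tag are all described as arriving "through an untrusted network" the paragraph should say in one sentence that tampering with any of them is detected when the tag is verified during decryption; otherwise a reader may conclude that auth_data has to be trusted out of band. The existing caution that the receiver must check the received tag has the expected length stays necessary, because that verification is only as strong as the tag the receiver accepts.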