Authentication tag in AESGCM encryption

I'm not a cryptographer so please be patient with me :) I'm trying to figure out how the encryption/decryption happens in some of algorithms in SecKeyAlgorithm (for example kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA256AESGCM). I'm trying to find the answers for these questions:

  1. Is the output of the encryption is publickey + ciphertext + tag? (in that respected order)
  2. Is the tag in 1) == authentication tag (someone said that is GCM tag instead and I don't know what is the different). What is the expected error throws from Apple API if the tag validation failed in the decryption process?
  3. As the input of AES-GCM is 4 params: the secret key, IV (nonce), plain message, additional authentication data (AAD), how can developer supply all the params in the API SecKeyCreateEncryptedData as it's signature is:
CFDataRef _Nullable SecKeyCreateEncryptedData(SecKeyRef key, SecKeyAlgorithm algorithm, CFDataRef plaintext,
                        CFErrorRef *error)

Thank you very much for the help!

Hieu.

Up vote post of hieund910 Down vote post of hieund910
575 views
Posted by
hieund910
Reply
Add a Comment

Replies

Bring it up. Any helps is appreciated!

Posted by
hieund910
Up vote reply of hieund910 Down vote reply of hieund910
Add a Comment

Bump it up

Posted by
hieund910
Up vote reply of hieund910 Down vote reply of hieund910
Add a Comment

I don’t know the answer to this. Given that no one else has chimed in, my recommendation is that you open a DTS tech support incident so that I can allocate time to research this properly.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Post not yet marked as solved Up vote reply of eskimo Down vote reply of eskimo
Add a Comment