Authentication tag in AESGCM encryption

I'm not a cryptographer, so please be patient with me :) I'm trying to figure out how the encryption/decryption happens in some of the algorithms in SecKeyAlgorithm (for example kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA256AESGCM). I'm trying to find the answers to these questions:

  1. Is the output of the encryption public key + ciphertext + tag (in that respective order)?
  2. Is the tag in 1) == authentication tag? (Someone said that it is the GCM tag instead, and I don't know what the difference is.) What is the expected error thrown by the Apple API if the tag validation fails in the decryption process?
  3. As the input of AES-GCM is 4 params: the secret key, IV (nonce), plain message, and additional authentication data (AAD), how can a developer supply all the params in the API SecKeyCreateEncryptedData, as its signature is:
CFDataRef _Nullable SecKeyCreateEncryptedData(SecKeyRef key, SecKeyAlgorithm algorithm, CFDataRef plaintext,
                        CFErrorRef *error)

Thank you very much for the help!

Hieu.

Bringing it up. Any help is appreciated!

Bump it up

I don’t know the answer to this. Given that no one else has chimed in, my recommendation is that you open a DTS tech support incident so that I can allocate time to research this properly.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
