我想使用AES GCM实现文件传输,两个对等共享 同样的关键。 但是,计算用于验证数据完整性的GCM标记 在加密过程结束时。 那么发件人是否也应该将标签发送给接收者,以便他可以解密并验证它们?还是被认为不安全? (假设标签已加密并以与数据相同的方式发送)
答案 0 :(得分:0)
You can send the tag and you even have to, as most proper implementations of GCM will fail to decrypt the ciphertext unless you provide them with a valid tag.
To decrypt succesfully, you must have the ciphertext, the key, and the nonce. To verify the authenticity you must have the ciphertext,the tag, the key, the nonce and the assosiated data (if some was used during encryption)