Thanks!

On Tuesday, February 27, 2018 at 11:51:13 PM UTC+8, Buschini Edouard wrote:
>
> The tag is wrapped inside of the output of seal:
> - size of the tag: https://golang.org/src/crypto/cipher/gcm.go#L126
> - https://golang.org/src/crypto/cipher/gcm.go#L146
>
> You have to pass the tag + encrypted data to open to decrypt.
> AES-GCM already works like a stream cipher, meaning the result of seal will be len(plaintext) + tagLength, as opposed to CBC that has fixed blocks and requires padding.
>
> I assume what you are asking is stream cipher as stream like a unix Pipe -- I believe CTR mode does this on Go's API.
> This is highly discouraged because GCM is authenticated: the tag acts like a MAC for the encrypted data that follows. You have to put all the plaintext in memory before starting the process.
>
> One way to achieve this is to predefine some "block" length -- say 16KB -- then each time you encrypt the length of the block after generating a nonce every time -- it can be less if you are reaching EOF.
> In order to decrypt, you need to have output the nonce + the result of seal() -- which is tag + encrypted text.
> This way you will have achieved a streaming way of encrypting/decrypting in AES-GCM. I assume this is done for TLS too.
>
> You have a couple of tricks to reduce the size of the "nonce overhead" with some nonce scheme. But remember to NEVER REUSE A NONCE WITH THE SAME KEY as it would be fatal otherwise.
>
> I am not a cryptographer at all but for fun I wrote this exact scheme a month ago:
> https://github.com/tehmoon/cryptocli/blob/master/command/aesGCMEncrypt.go#L55
>
> On Tue, Feb 27, 2018 at 6:24 AM, Xiaoyi Shi <ash...@gmail.com> wrote:
>
>> Hi all,
>>
>> Is it possible to use go's GCM implementation as a stream cipher? It appears to me that the counter/tag are held private within the AEAD.Seal/Open methods.
>>
>> Thanks!
-- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.