Forgot to add: you do NOT have to have "associated data" at all. Just ignore the "AAD" channel in that case.
Sent from my iPad > On Feb 25, 2015, at 11:25, Jean-Pierre Münch <[email protected]> > wrote: > > Hey Ilya, > > concerning your questions: > 1) adata seems to be data that is only authenticated but not encrypted. This > is mainly data that you must authenticate because of your protocol. In your > case you might want to authenticate the salt with the header GCM execution. > pdata is the plain data (=plaintext), that means this is the data that will > be encrypted and authenticated. The contents of your target file should be in > this category as should be the contents of your header. > 2) channel "AAD" is authentication associated data (I hope), that's the data > you stored in adata. some goes for empty channel name with pdata. > 3) If I'm interpreting the code snippet you showed here using SecByteBlock > shouldn't be a problem. F.ex. you can store your adata in a secbyteblock. > Normally there's an auto-conersion from SecByteBlock to byte* and const byte* > so can simply put "ef.ChannelPut("AAD",data,data.size());" and it should work > (again I do hope this). > > I do think (but not know for sure) that StringSink does accept SecByteBlocks > as they are also "strings" (large blocks of chars). Please test it and see if > you get a compiler / testing error. > > BR > > JPM > > Am Mittwoch, 25. Februar 2015 14:10:57 UTC+1 schrieb Ilya Bizyaev: >> >> Wow, the AES/GCM implemetation is super-complicated! >> 1) There are two such strings declared at the beginning: >> ------------------------------------------------- >> string adata( 16, (char)0x00 ); >> string pdata( 16, (char)0x00 ); >> ------------------------------------------------- >> What each of them is ment for? >> 2) >> ------------------------------------------------------------------------------------ >> // AuthenticatedEncryptionFilter::ChannelPut >> // defines two channels: "" (empty) and "AAD" >> // channel "" is encrypted and authenticated >> // channel "AAD" is authenticated >> ef.ChannelPut( "AAD", (const byte*)adata.data(), adata.size() ); >> ef.ChannelMessageEnd("AAD"); >> >> // Authenticated data *must* be pushed before >> // Confidential/Authenticated data. Otherwise >> // we must catch the BadState exception >> ef.ChannelPut( "", (const byte*)pdata.data(), pdata.size() ); >> ef.ChannelMessageEnd(""); >> ------------------------------------------------------------------------------------ >> The question is: which channel is ment for the data your need to encrypt, >> and which is for authentification data? They are both called "Authenticated >> data"... And again, adata and pdata are here without an explanation... >> 3) Is it possible to do without strings, using SecByteBlocks and arrays? > > -- > -- > You received this message because you are subscribed to the "Crypto++ Users" > Google Group. > To unsubscribe, send an email to [email protected]. > More information about Crypto++ and this group is available at > http://www.cryptopp.com. > --- > You received this message because you are subscribed to the Google Groups > "Crypto++ Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- -- You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [email protected]. More information about Crypto++ and this group is available at http://www.cryptopp.com. --- You received this message because you are subscribed to the Google Groups "Crypto++ Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
smime.p7s
Description: S/MIME cryptographic signature
