What is "additional authenticated data" in AES-GCM?

Tags: c#, aes, aes-gcm

I am implementing an AES cipher in GCM mode in C#. My question pertains to the "additional authenticated data" (AAD). In the following code from

http://blogs.msdn.com/b/shawnfa/archive/2009/03/17/authenticated-symmetric-encryption-in-net.aspx

it is unclear where I should get the AAD from, and how I should retrieve the AAD specific to this encryption during decryption:

// Authenticated data becomes part of the authentication tag that is generated during
// encryption, however it is not part of the ciphertext.  That is, when decrypting the
// ciphertext the authenticated data will not be produced.  However, if the
// authenticated data does not match at encryption and decryption time, the
// authentication tag will not validate.
aes.AuthenticatedData = Encoding.UTF8.GetBytes("Additional authenticated data");

Any clarification on how to use this AAD would be much appreciated. Thanks

crawfish asked Oct 28 '25 08:10


1 Answer

AAD stands for Additional Authenticated Data or Additional Associated Data. This is data that can be sent in the clear together with the ciphertext. Both the encrypted message and the AAD are validated for integrity when you perform the combined verification and decryption of an AEAD cipher.

AAD data is not a key, it's just plain data you can include in your protocol which needs to be protected for integrity, but does not need (or, more logically, would not be useful with) encryption. A good example would be a header of an encrypted IP packet; if you encrypt it you cannot use it for routing, if you don't protect its integrity, an attacker may change the message length or source address without the receiver knowing about it.

Note that AEAD ciphers already include the IV / nonce in the calculation of the authentication tag. It is therefore unnecessary to include it in the AAD. The AAD is often used to include sender, receiver and possibly message identification number - if that's present outside of the encrypted part of the message. Those elements need to be present unencrypted, but adversaries may still want to change the information undetected.

Maarten Bodewes answered Oct 29 '25 23:10
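The pattern the answer describes, as an added example that is not part of the original question or answer: the AAD is the cleartext header (sender, receiver, message id) that travels next to the ciphertext, the receiver rebuilds it from what it received, and a rewritten header makes the tag fail to verify. It uses .NET's System.Security.Cryptography.AesGcm and assumes .NET 8 or later; the header layout and all sample values are constructed for the demo.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not code from the original post. The "v1|from|to|id" header
// encoding is an assumption chosen for illustration.
static class AadDemo
{
    // The AAD is simply the cleartext header bytes that both sides already have.
    static byte[] HeaderBytes(string from, string to, int msgId) =>
        Encoding.UTF8.GetBytes($"v1|{from}|{to}|{msgId}");

    static (byte[] nonce, byte[] ct, byte[] tag) Seal(byte[] key, byte[] header, byte[] plaintext)
    {
        var nonce = RandomNumberGenerator.GetBytes(AesGcm.NonceByteSizes.MaxSize); // 12 bytes, never reuse per key
        var ct = new byte[plaintext.Length];
        var tag = new byte[AesGcm.TagByteSizes.MaxSize];                           // 16-byte tag
        using var aes = new AesGcm(key, tag.Length);
        aes.Encrypt(nonce, plaintext, ct, tag, header);   // header is bound into the tag, not into the ciphertext
        return (nonce, ct, tag);
    }

    // Returns null when the tag does not verify, i.e. the ciphertext OR the header was altered.
    static byte[]? Open(byte[] key, byte[] header, byte[] nonce, byte[] ct, byte[] tag)
    {
        var pt = new byte[ct.Length];
        using var aes = new AesGcm(key, tag.Length);
        try { aes.Decrypt(nonce, ct, tag, pt, header); return pt; }
        catch (CryptographicException) { return null; }  // AuthenticationTagMismatchException derives from this
    }

    static void Main()
    {
        var key = RandomNumberGenerator.GetBytes(32);          // AES-256 key, constructed for the demo
        var header = HeaderBytes("alice", "bob", 42);          // sent in the clear alongside nonce, ct, tag
        var (nonce, ct, tag) = Seal(key, header, Encoding.UTF8.GetBytes("pay 10"));

        // Receiver reconstructs the AAD from the header it received; nothing else is needed.
        var ok = Open(key, header, nonce, ct, tag);
        Console.WriteLine(ok is null ? "tampered" : Encoding.UTF8.GetString(ok));

        // A header rewritten in transit (bob -> mallory) changes the AAD, so verification fails
        // even though nonce, ciphertext and tag are untouched.
        var forged = HeaderBytes("alice", "mallory", 42);
        Console.WriteLine(Open(key, forged, nonce, ct, tag) is null ? "tampered" : "accepted");
    }
}
```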


