Support custom auth tag length

Comments (3)

Andrew Berlin reporter

marked as enhancement

2019-06-14T16:47:40+00:00

Vladimir Dzhuvinov

Are you aware that this would then no longer classify as A256GSM as specified in the JWA RFC?

https://tools.ietf.org/html/rfc7518#section-5.3

The requested size of the Authentication Tag output MUST be 128 bits,
regardless of the key size.

And 128 bits is the longest value taken from the NIST spec:

https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf

The bit length of the tag, denoted t, is a security parameter, as discussed in Appendix B. In general, t may be any one of the following five values: 128, 120, 112, 104, or 96.

2019-06-18T09:25:56+00:00

Vladimir Dzhuvinov

changed status to wontfix

Customising the A256GSM auth tag length is against the spec.

If there's real need for that create a custom enc identifier and content encryption method.

2019-07-17T08:21:46+00:00

Andrew Berlin reporter
- marked as enhancement
- 2019-06-14T16:47:40+00:00
Vladimir Dzhuvinov
Are you aware that this would then no longer classify as A256GSM as specified in the JWA RFC?

https://tools.ietf.org/html/rfc7518#section-5.3
```
The requested size of the Authentication Tag output MUST be 128 bits,
regardless of the key size.
```
And 128 bits is the longest value taken from the NIST spec:

https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf

The bit length of the tag, denoted t, is a security parameter, as discussed in Appendix B. In general, t may be any one of the following five values: 128, 120, 112, 104, or 96.
- 2019-06-18T09:25:56+00:00
Vladimir Dzhuvinov
- changed status to wontfix
Customising the A256GSM auth tag length is against the spec.

If there's real need for that create a custom enc identifier and content encryption method.
- 2019-07-17T08:21:46+00:00
Log in to comment