[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [pkcs11] NIST Special Publication 800-38F
On 4/3/2013 6:01 PM, Lockhart, Robert wrote:
The major difference being that GCM & CCM perform authentication on the encrypted value not the clear text value.
Half-right The MAC for CCM is calculated on the clear text value. You have to decrypt the ciphertext before you can verify the plain text.
In GCM you have to generate at least the encryption of the first counter block to do the verification of the cipher text.
Although you *could* separate the functions, in practice you do the MAC calculations in lock step with the encryption/decryption.
Mike
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]