pc-dart

AES/GCM/PKCS7 doesn't include authentication tag

Open MatthewLM opened this issue 1 year ago • 0 comments

When using AES/GCM/PKCS7 the authentication tag is not included in the encrypted output. This is because PaddedBlockCipherImpl does not call doFinal of GCMBlockCipher.

This means AES/GCM/PKCS7 is not authenticated and presents a severe security vulnerability.

MatthewLM, Jun 04 '24 17:06
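An added example, not code from the issue or from the pc-dart project: a regression check that an AES-GCM output carries its 16-byte tag and that decryption rejects a modified tag, using `GCMBlockCipher` directly so that `process()` ends with `doFinal`. It assumes the `pointycastle` package is available; the helper names `gcm` and `isAuthenticated` and the sample key, nonce and plaintext are constructed for illustration.

```dart
import 'dart:typed_data';
import 'package:pointycastle/export.dart';

const tagBytes = 16; // 128-bit GCM authentication tag

// Runs AES-GCM through GCMBlockCipher directly (no padding wrapper).
// process() calls doFinal, which appends the tag on encrypt and checks it on decrypt.
Uint8List gcm(bool encrypt, Uint8List key, Uint8List nonce, Uint8List input) {
  final cipher = GCMBlockCipher(AESEngine())
    ..init(encrypt,
        AEADParameters(KeyParameter(key), tagBytes * 8, nonce, Uint8List(0)));
  return cipher.process(input);
}

// True only when `sealed` is exactly plaintext + tag long and decryption
// rejects a copy whose last tag byte has one bit flipped.
bool isAuthenticated(
    Uint8List key, Uint8List nonce, Uint8List plaintext, Uint8List sealed) {
  if (sealed.length != plaintext.length + tagBytes) return false;
  final tampered = Uint8List.fromList(sealed);
  tampered[tampered.length - 1] ^= 0x01;
  try {
    gcm(false, key, nonce, tampered);
    return false; // a modified tag was accepted
  } on InvalidCipherTextException {
    return true; // tag mismatch detected
  }
}

void main() {
  // Constructed sample values; a real nonce must be unique for each key.
  final key = Uint8List.fromList(List.generate(32, (i) => i));
  final nonce = Uint8List.fromList(List.generate(12, (i) => 0xA0 + i));
  final plaintext = Uint8List.fromList('transfer 100 to account 42'.codeUnits);

  final sealed = gcm(true, key, nonce, plaintext);
  print('sealed: ${sealed.length} bytes '
      '(plaintext ${plaintext.length} + tag $tagBytes)');
  print('authenticated: ${isAuthenticated(key, nonce, plaintext, sealed)}');

  // Constructed stand-in for output with no tag, the shape this issue reports.
  final stripped = Uint8List.sublistView(sealed, 0, plaintext.length);
  print('tag-less output authenticated: '
      '${isAuthenticated(key, nonce, plaintext, stripped)}');
}
```

GCM is a stream-style mode and needs no PKCS7 padding, so the length test in `isAuthenticated` also flags output that was padded to a block boundary instead of carrying a tag.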