
Planning to add support for the below encryption algorithms:

through a JDK 1.8-based implementation, taking reference from javax.crypto.spec.GCMParameterSpec & javax.crypto.Cipher. Here I found that Cipher needs a GCMParameterSpec object for its:

public final void init(int opmode, Key key, AlgorithmParameterSpec params)

Now I want to know what the values of (IV & tLen) will be for all the above-listed algorithms when creating the GCMParameterSpec object.

Will these values be different for the different algorithms listed above? (No, it seems to me that the only change is the key size.)

And please describe the purpose of these two attributes (IV & tLen) of GCMParameterSpec as well.

Atul Kumar

1 Answer


Source here:

For the purposes of this specification, AES-GCM shall be used with a 96 bit Initialization Vector (IV) and a 128 bit Authentication Tag (T).

The IV or nonce (number-used-once) is required to make sure that identical messages do not encrypt to the same value. For GCM mode, which uses CTR mode underneath, it is of vital importance that the IV is never repeated.

If you keep reading you'll find that:

For the Galois/Counter Mode (GCM) used by this specification, the IV must not be reused for any key and should be random, but it need not be secret.

For Java this means retrieving 12 random bytes from a SecureRandom instance; just obtaining that using new SecureRandom() is advisable.


The authentication tag will of course authenticate the ciphertext and therefore the encrypted message. This will make sure that authenticity and integrity of the message is maintained. For GCM the size of the authentication tag matters a lot; it's best kept to the max. size of 128 bits, which this spec does indeed.


The key size is indeed completely separate from the size of the IV and authentication tag.

If unsure, read the standard.

Maarten Bodewes
  • One more question: in XML Encryption, is Authenticated Data not used? I did not find any doc related to it, so I just want to confirm. – Atul Kumar Apr 16 '18 at 11:39
  • It's used as a drop-in for CBC, so having no AAD makes sense. There is a single test vector [here](https://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/test-cases/#sec-SymmetricEncryption) – Maarten Bodewes Apr 17 '18 at 22:40
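The parameters discussed in the answer above, put into working JDK 1.8 code as an added example (this is not code from the question, the answer, or the XML Encryption spec): a 12-byte IV drawn from SecureRandom, a 128-bit tag passed as tLen to GCMParameterSpec, and the same IV/tag sizes used unchanged for AES-128, AES-192 and AES-256 keys. The class name, the helper names, the IV-prefixed output layout and the sample plaintext are all assumptions made for this illustration; the tamper test shows what the tag is for by flipping one ciphertext byte and confirming decryption fails with AEADBadTagException.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

// Hypothetical class name; not part of any library or of the original post.
public class AesGcmExample {
    private static final int IV_BYTES = 12;   // 96-bit IV, as XML Encryption 1.1 requires
    private static final int TAG_BITS = 128;  // 128-bit authentication tag (tLen)
    private static final SecureRandom RNG = new SecureRandom();

    /** Returns IV || ciphertext || tag. SunJCE appends the tag to the ciphertext itself. */
    static byte[] encrypt(SecretKey key, byte[] plaintext) throws Exception {
        byte[] iv = new byte[IV_BYTES];
        RNG.nextBytes(iv);  // fresh random IV for every message; never reuse one under the same key
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ctAndTag = cipher.doFinal(plaintext);  // no updateAAD(): XML Enc uses no AAD
        byte[] out = new byte[IV_BYTES + ctAndTag.length];
        System.arraycopy(iv, 0, out, 0, IV_BYTES);
        System.arraycopy(ctAndTag, 0, out, IV_BYTES, ctAndTag.length);
        return out;
    }

    /** Reads the IV back from the front of the blob and verifies the tag while decrypting. */
    static byte[] decrypt(SecretKey key, byte[] ivCtTag) throws Exception {
        GCMParameterSpec spec = new GCMParameterSpec(TAG_BITS, ivCtTag, 0, IV_BYTES);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.DECRYPT_MODE, key, spec);
        // doFinal throws AEADBadTagException if ciphertext or tag were modified
        return cipher.doFinal(ivCtTag, IV_BYTES, ivCtTag.length - IV_BYTES);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample plaintext, not taken from any real document.
        byte[] msg = "<PaymentInfo>sample</PaymentInfo>".getBytes(StandardCharsets.UTF_8);
        // Key size varies; IV and tag sizes stay at 12 bytes / 128 bits for all three.
        // (AES-256 on JDK 8 builds before 8u161 needs the unlimited-strength policy files.)
        for (int keyBits : new int[] {128, 192, 256}) {
            KeyGenerator kg = KeyGenerator.getInstance("AES");
            kg.init(keyBits);
            SecretKey key = kg.generateKey();

            byte[] blob = encrypt(key, msg);
            // Output is always plaintext length + 12 (IV) + 16 (tag), whatever the key size.
            System.out.printf("AES-%d-GCM: %d plaintext bytes -> %d output bytes%n",
                    keyBits, msg.length, blob.length);
            if (!Arrays.equals(msg, decrypt(key, blob))) {
                throw new AssertionError("round trip failed");
            }

            // Flip one ciphertext byte: the tag check must reject the message.
            byte[] tampered = blob.clone();
            tampered[IV_BYTES] ^= 0x01;
            try {
                decrypt(key, tampered);
                throw new AssertionError("tampering was not detected");
            } catch (AEADBadTagException expected) {
                System.out.println("  tampered ciphertext rejected: " + expected.getMessage());
            }
        }
    }
}
```

The IV is stored in the clear in front of the ciphertext because, as the quoted spec says, it need not be secret; what matters is that the same key and IV pair is never used twice. Note that the tag only covers the ciphertext here (plus any AAD, of which there is none), so the IV prefix is itself unauthenticated, which is harmless: altering it just produces a tag failure on decryption.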