So I'm using the class AuthenticatedAes(Cng) from clrsecurity for encrypting with AES-GCM. I want to encrypt and decrypt using Streams, so I need to manually change the counter. How could I do that?
-
*so I need to manually change the counter.* Why do you think that? You should not need to touch the counter. – President James K. Polk Aug 14 '19 at 13:21
-
@JamesKPolk I want to stream data live, so I want to calculate the authentication tag for N(2048) blocks, so I can decrypt them while more data is coming through. – user11227590 Aug 14 '19 at 15:07
-
That is a difficult case for GCM mode. However, manually changing the counter isn't going to help you solve it. You can create a new encryption context for each block, with a new IV. What should happen if 1) the attacker reorders two blocks, and 2) the attacker deletes an entire block from the stream? – President James K. Polk Aug 14 '19 at 15:28
-
@JamesKPolk It should detect the tampering and stop the connection. – user11227590 Aug 14 '19 at 15:51
-
Then I would use an idea that a SO crypto guy suggested, I think it was user @kelalaka. For each 2048 byte "block", create a new random 12 byte nonce and `AuthenticatedAes` instance. You will prepend the IV to the cipher for the block. Furthermore, use the authentication tag of the previous block as the `AuthenticatedData` property of the instance. – President James K. Polk Aug 14 '19 at 16:17
-
On the decrypt side, you extract the nonce from the cipher, then make the previous authentication tag as `AuthenticatedData` property of the cipher instance and decrypt the block. If any blocks are tampered, dropped, or moved, the authentication tag will fail verification and you can react to the attack in the appropriate way. – President James K. Polk Aug 14 '19 at 16:17
-
Note that this is an ad-hoc construction, not studied as far as I'm aware and thus should be considered suspect. You might want to ask about it on [crypto](https://crypto.stackexchange.com/). They may have some opinion on it and may be aware of a better analyzed alternative. – President James K. Polk Aug 14 '19 at 16:21
-
@JamesKPolk I already asked here: https://crypto.stackexchange.com/questions/72512/decrypt-authenticated-cipher-while-still-encrypting?noredirect=1#comment160463_72512. The counter thing was written there. – user11227590 Aug 14 '19 at 16:51
-
[Here](https://stackoverflow.com/a/54422153/238704) is the answer by user @kelalaka that I was referring to. – President James K. Polk Aug 14 '19 at 18:43
-
For what it’s worth: The AuthenticatedAes classes are part of an experimental package that is no longer supported. AES-GCM is available via the AesGcm class in .NET Core 3.0. – bartonjs Aug 15 '19 at 02:22
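
The per-chunk scheme described in the comments above (a random 12-byte nonce prepended to each chunk, the previous chunk's tag used as associated data), sketched with the `AesGcm` class from .NET Core 3.0. This is an added example, not code from any commenter or from clrsecurity; the `ChainedGcm` class, its `Seal`/`Open` methods and the frame layout are assumptions made for illustration, and the construction remains the ad-hoc one the comments describe.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class ChainedGcm
{
    const int NonceLen = 12, TagLen = 16;

    // Frame layout (chosen for this example): nonce || ciphertext || tag.
    // prevTag: tag of the preceding chunk, empty array for the first chunk.
    public static byte[] Seal(AesGcm aes, byte[] chunk, ref byte[] prevTag)
    {
        var frame = new byte[NonceLen + chunk.Length + TagLen];
        var nonce = frame.AsSpan(0, NonceLen);
        var ct = frame.AsSpan(NonceLen, chunk.Length);
        var tag = frame.AsSpan(NonceLen + chunk.Length, TagLen);
        RandomNumberGenerator.Fill(nonce);             // fresh random nonce per chunk
        aes.Encrypt(nonce, chunk, ct, tag, prevTag);   // previous tag as associated data
        prevTag = tag.ToArray();
        return frame;
    }

    // Throws CryptographicException on a modified, reordered or out-of-sequence frame.
    // Not covered: removal of trailing frames, which needs an end-of-stream marker.
    public static byte[] Open(AesGcm aes, byte[] frame, ref byte[] prevTag)
    {
        if (frame.Length < NonceLen + TagLen) throw new CryptographicException("Frame too short.");
        int ctLen = frame.Length - NonceLen - TagLen;
        var tag = frame.AsSpan(NonceLen + ctLen, TagLen);
        var pt = new byte[ctLen];
        aes.Decrypt(frame.AsSpan(0, NonceLen), frame.AsSpan(NonceLen, ctLen), tag, pt, prevTag);
        prevTag = tag.ToArray();                       // only advances after successful verification
        return pt;
    }

    static void Main()
    {
        var key = new byte[32];
        RandomNumberGenerator.Fill(key);               // constructed demo key
        using var aes = new AesGcm(key);
        byte[] encPrev = Array.Empty<byte>(), decPrev = Array.Empty<byte>();
        byte[] f1 = Seal(aes, Encoding.UTF8.GetBytes("chunk-1"), ref encPrev);
        byte[] f2 = Seal(aes, Encoding.UTF8.GetBytes("chunk-2"), ref encPrev);
        Console.WriteLine(Encoding.UTF8.GetString(Open(aes, f1, ref decPrev)));
        try { Open(aes, f1, ref decPrev); }            // replayed frame where f2 is expected
        catch (CryptographicException) { Console.WriteLine("out-of-sequence frame rejected"); }
        Console.WriteLine(Encoding.UTF8.GetString(Open(aes, f2, ref decPrev)));
    }
}
```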
1 Answer
-1
You can just set the AuthenticationData property. You can get those bytes from a long easily, like this:

```csharp
long counter = 0;
aes.AuthenticationData = Encoding.ASCII.GetBytes(counter.ToString());
```

Please upvote if it helped.
-
This will only change the generated authentication tag, and it is insecure. – user11227590 Aug 14 '19 at 15:08