Commit 193d6d1

tniessen authored and targos committed
doc: update notes about GCM decryption
Given that #17825 and #20039 have landed on master, this statement is no longer true.

PR-URL: #21445
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
1 parent fd520e7 commit 193d6d1

1 file changed, +2 -10 lines changed

doc/api/crypto.md

@@ -441,16 +441,8 @@ supported), the `decipher.setAuthTag()` method is used to pass in the
441441
received _authentication tag_. If no tag is provided, or if the cipher text
442442
has been tampered with, [`decipher.final()`][] will throw, indicating that the
443443
cipher text should be discarded due to failed authentication. If the tag length
444-
is invalid according to [NIST SP 800-38D][], `decipher.setAuthTag()` will throw
445-
an error.
446-
447-
Note that this Node.js version does not verify the length of GCM authentication
448-
tags. Such a check *must* be implemented by applications and is crucial to the
449-
authenticity of the encrypted data, otherwise, an attacker can use an
450-
arbitrarily short authentication tag to increase the chances of successfully
451-
passing authentication (up to 0.39%). It is highly recommended to associate one
452-
of the values 16, 15, 14, 13, 12, 8 or 4 bytes with each key, and to only permit
453-
authentication tags of that length, see [NIST SP 800-38D][].
444+
is invalid according to [NIST SP 800-38D][] or does not match the value of the
445+
`authTagLength` option, `decipher.setAuthTag()` will throw an error.
454446

455447
The `decipher.setAuthTag()` method must be called before
456448
[`decipher.final()`][].
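
Review bot: The added sentence at new lines 444-445 does not say what `decipher.setAuthTag()` accepts when the `authTagLength` option is not set, and the removed paragraph's recommendation to associate a single tag length with each key and permit only that length is dropped without a replacement. As written, a reader can still conclude that any length valid under [NIST SP 800-38D][] passes the check, including the shortest values from the list this hunk deletes (16, 15, 14, 13, 12, 8 or 4 bytes). Consider keeping one sentence that recommends setting `authTagLength` to the expected tag length, so that the per-key length restriction from the old note survives as guidance. It would also help to state or link where `authTagLength` is supplied, since these lines name the option without saying where it is passed.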
