This came up again in a different context and that reminded me of something: I recently learnt why combining GCM and streaming is problematic.
IMPORTANT: I’m not an expert on secure design; please keep that in mind as you read the following.
One general rule of security is that you shouldn’t do encryption without authentication. GCM is an authenticated encryption algorithm, which is cool. However, the authentication doesn’t actually happen until you get to the end of the data. This isn’t a problem for one-shot APIs, because they do the decryption and authentication in one go. However, it’s a serious problem for streaming APIs. These give you back chunks of decrypted text before the authentication is done and, in general, it’s not safe to work with such data.
If you want to learn more about this, hopefully from someone who is a secure design expert, search the ’net for the term “releasing unverified plaintext”, or RUP for short.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"