000035074 - Error in RSA BSAFE "Allowable authentication tag length is 4, 8 or between 12 and 16" when creating new GCMParameterSpec using AES-GCM cipher

Document created by RSA Customer Support Employee on Apr 21, 2017Last modified by RSA Customer Support Employee on Aug 25, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000035074
Applies ToRSA Product Set: BSAFE
RSA Product/Service Type: Crypto-J
RSA Version/Condition: 6.1.2
 
IssueThe following code may produce the error "Allowable authentication tag length is 4, 8 or between 12 and 16"
SecretKey secretKey;
byte[] iv = /* some bytes */;
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
GCMParameterSpec gcmSpec = new GCMParameterSpec(128, iv);
cipher.init(1, secretKey, gcmSpec);

 
CauseBSAFE's Crypto-J GCMParameterSpec constructor that accepts an IV is not valid for encryption, as during encryption the IV will be generated by the API.
ResolutionUse a different GCMParameterSpec constructor, one that does not accept an IV.

Attachments

    Outcomes