https://community.nxp.com/t5/Secure-Authentication/Setting-AES-GCM-Authentication-Tag-Length-to-12-Bytes-for-DLMS/m-p/2150265#M1864 <P class="">Hi,</P><P class="">I am currently using the SE050E2 secure element for AES-GCM encryption and decryption operations. The encryption and decryption APIs work well, specifically the following function:</P><DIV class=""><DIV class=""><DIV class=""><DIV class=""><DIV class=""><SPAN><STRONG>sss_status_t sss_aead_one_go( sss_aead_t *context, const uint8_t *srcData, uint8_t *destData, size_t size, uint8_t *nonce, size_t nonceLen, const uint8_t *aad, size_t aadLen, uint8_t *tag, size_t *tagLen);<BR /></STRONG><BR /></SPAN></DIV></DIV></DIV><DIV class=""><DIV class=""><SPAN>This API functions perfectly when the authentication tag length is 16 bytes. However, I am working with DLMS protocol payloads that require the authentication tag to be only 12 bytes in length.<BR /><BR /></SPAN></DIV></DIV></DIV></DIV><P class="">When I use this API to encrypt DLMS plain data, it generates an authentication tag of 16 bytes, but the DLMS standard expects a 12-byte tag. Similarly, for decryption, when the encrypted DLMS payload arrives with a 12-byte authentication tag, passing this 12-byte tag to the API results in a decryption failure, because the API expects the tag to be 16 bytes.</P><P class="">My question is:</P><P class=""><STRONG>Is there any way to configure or set the authentication tag length in the SE050E2 or its middleware so it can use a 12-byte tag as required by the DLMS standard?</STRONG></P><P class="">Currently, the API always returns a 16-byte tag after encryption, and requires a 16-byte tag for decryption. I want to ensure compatibility with DLMS devices that use 12-byte tags without causing decryption errors.</P><P class="">Any guidance on configuring AES-GCM tag length for SE050E2, or recommended approaches for handling this DLMS tag size mismatch, would be highly appreciated.</P><P class="">Thanks in advance!<BR /><BR />BR,<BR />Faizy</P> Mon, 11 Aug 2025 18:06:53 GMT Faizy98 2025-08-11T18:06:53Z https://community.nxp.com/t5/Secure-Authentication/Setting-AES-GCM-Authentication-Tag-Length-to-12-Bytes-for-DLMS/m-p/2150265#M1864 <P class="">Hi,</P><P class="">I am currently using the SE050E2 secure element for AES-GCM encryption and decryption operations. The encryption and decryption APIs work well, specifically the following function:</P><DIV class=""><DIV class=""><DIV class=""><DIV class=""><DIV class=""><SPAN><STRONG>sss_status_t sss_aead_one_go( sss_aead_t *context, const uint8_t *srcData, uint8_t *destData, size_t size, uint8_t *nonce, size_t nonceLen, const uint8_t *aad, size_t aadLen, uint8_t *tag, size_t *tagLen);<BR /></STRONG><BR /></SPAN></DIV></DIV></DIV><DIV class=""><DIV class=""><SPAN>This API functions perfectly when the authentication tag length is 16 bytes. However, I am working with DLMS protocol payloads that require the authentication tag to be only 12 bytes in length.<BR /><BR /></SPAN></DIV></DIV></DIV></DIV><P class="">When I use this API to encrypt DLMS plain data, it generates an authentication tag of 16 bytes, but the DLMS standard expects a 12-byte tag. Similarly, for decryption, when the encrypted DLMS payload arrives with a 12-byte authentication tag, passing this 12-byte tag to the API results in a decryption failure, because the API expects the tag to be 16 bytes.</P><P class="">My question is:</P><P class=""><STRONG>Is there any way to configure or set the authentication tag length in the SE050E2 or its middleware so it can use a 12-byte tag as required by the DLMS standard?</STRONG></P><P class="">Currently, the API always returns a 16-byte tag after encryption, and requires a 16-byte tag for decryption. I want to ensure compatibility with DLMS devices that use 12-byte tags without causing decryption errors.</P><P class="">Any guidance on configuring AES-GCM tag length for SE050E2, or recommended approaches for handling this DLMS tag size mismatch, would be highly appreciated.</P><P class="">Thanks in advance!<BR /><BR />BR,<BR />Faizy</P> Mon, 11 Aug 2025 18:06:53 GMT https://community.nxp.com/t5/Secure-Authentication/Setting-AES-GCM-Authentication-Tag-Length-to-12-Bytes-for-DLMS/m-p/2150265#M1864 Faizy98 2025-08-11T18:06:53Z https://community.nxp.com/t5/Secure-Authentication/Setting-AES-GCM-Authentication-Tag-Length-to-12-Bytes-for-DLMS/m-p/2152249#M1865 <P>Hi&nbsp;<a href="https://community.nxp.com/t5/user/viewprofilepage/user-id/253702">@Faizy98</a>&nbsp;,</P> <P>&nbsp;</P> <P>This is defined when you create the key for AEAD operation. please kindly refer to the following for details.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Kan_Li_1-1755162576795.png" style="width: 569px;"><img src="https://community.nxp.com/t5/image/serverpage/image-id/352423iF3080388BF9D9892/image-dimensions/569x498?v=v2" width="569" height="498" role="button" title="Kan_Li_1-1755162576795.png" alt="Kan_Li_1-1755162576795.png" /></span></P> <P>Have a great day,<BR />Kan</P> <P><BR />-------------------------------------------------------------------------------<BR />Note:<BR />- If this post answers your question, please click the "Mark Correct" button. Thank you!<BR />- We are following threads for 7 weeks after the last post, later replies are ignored<BR />Please open a new thread and refer to the closed one, if you have a related question at a later point in time.<BR />-------------------------------------------------------------------------------</P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 14 Aug 2025 09:10:09 GMT https://community.nxp.com/t5/Secure-Authentication/Setting-AES-GCM-Authentication-Tag-Length-to-12-Bytes-for-DLMS/m-p/2152249#M1865 Kan_Li 2025-08-14T09:10:09Z https://community.nxp.com/t5/Secure-Authentication/Setting-AES-GCM-Authentication-Tag-Length-to-12-Bytes-for-DLMS/m-p/2152408#M1866 <P>Thank you for your support.</P><P>BR,</P><P>Faizy</P> Thu, 14 Aug 2025 14:23:34 GMT https://community.nxp.com/t5/Secure-Authentication/Setting-AES-GCM-Authentication-Tag-Length-to-12-Bytes-for-DLMS/m-p/2152408#M1866 Faizy98 2025-08-14T14:23:34Z