Hi,
We have developed a crypto service using the secure element S050E. We use aead encryption (AES_GCM) algorithm. I already asked in Re: SE050E aead encryption about the low speed of this process. Right now we are also experiencing a maximum block size for the input data we can have encrypted/decrypted. It is around around 400 bytes. In the table below I see that this maximum is around 256 bytes. I have the following questions:
1. What is the exact maximum input data length?
2. Is there any work around?
3. Is there an algorithm as secure as this, so we the amount of data can be encrypted is larger and also much faster than aead (like in order of ms).
Hi @Zarein94 ,
Maybe you are looking at the method of AeadOneShot, which has length limitation due to the APDU command spec, so for length larger than 256 bytes input , you may use the method of AeadUpdate, and the data input may be divided into multiple AeadUpdate commands.
Hope that makes sense,
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
@Kan_Li As the AEAD encryption is quite slow in the secure element. Could you point me to some faster algorithm using secure element and It is as reliable and secure as AES_GCM for wifi cryptography.
Hi @Zarein94 ,
I expect AES GCM is in this case not needed directly for WiFi authentication but instead for some proprietary protocol transmitted over WiFi?
AEAD is just a mechanism to have data both encrypted and MACed. What are the alternatives depends on the goal to be reached. Just for encryption either AES-CBC or AES-CTR is as good as AES-GCM but much faster on the secure element. For MACing a CMAC/HMAC or a asymmetric signature could be used.
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------