GCM Implementation and TLSCompressed.Length

Nikos Mavrogiannopoulos nmav at gnutls.org
Tue Oct 18 15:37:44 CEST 2011

On 10/18/2011 01:30 PM, Alfredo Pironti wrote:
> Dear Nikos,
> Thank you very much, that clarified things a lot. I re-read docs in
> this perspective and things work now (still, I find TLS RFC a bit
> misleading when citing padding in the AEAD section).
> Practically, when I have an AEAD ciphertext in GCM mode, I subtract 16
> to its length (in bytes), and that's the plaintext length, isn't it?

You have to subtract the AEAD explicit data and the tag (16+8).

Check how gnutls does it:



More information about the Gnutls-help mailing list