For GMac SecuritySuite and Authentication Security DLMSDirector doesn't allow to enter Block Cipher Key.
While CGM operations requires both Authentication Key and Block Cipher Key. Even if we use Authentication only Security
You need to select AuthenticationEncryption as Security. Block cipher key is disabled If you select only Authentication.
Block cipher key is not needed if you use only authentication level security. Block cipher key is used to encrypt the data and an authentication key is used to count authentication tag for the data.
No matter what kind of security is used (except None), to get the authentication tag you anyway need to perform GMAC authenticated encryption function, using Block Cipher Key as encryption key. Authentication key used in this function as part of AAD.
For Authentication security, cipher text of this function is not used. Only authentication tag is used. But the function have to be performed anyway.
You are right, that AAD not used for Encrpyt-only.
But, BlockCipherKey, used as Encryption key (EK) in any mode.
Hereafter is picture from DLMS green book
Data is not ciphered In authentication only mode. For this reason, only the authentication key is needed.
This picture is not very good and there is too much information. Its main purpose it demonstrates how the security control byte is constructed.
Hi,
Hi,
You need to select AuthenticationEncryption as Security. Block cipher key is disabled If you select only Authentication.
Block cipher key is not needed if you use only authentication level security. Block cipher key is used to encrypt the data and an authentication key is used to count authentication tag for the data.
BR,
Mikko
Hi,
Hi,
No matter what kind of security is used (except None), to get the authentication tag you anyway need to perform GMAC authenticated encryption function, using Block Cipher Key as encryption key. Authentication key used in this function as part of AAD.
For Authentication security, cipher text of this function is not used. Only authentication tag is used. But the function have to be performed anyway.
regards,
Vitaly
Hi Vitaly,
Hi Vitaly,
It's possible to do the following:
1. Encrypt the data.
2. Authenticate data.
3. Encrypt and authenticate the data.
The block cipher key is needed for 1 and 3.
The authentication key is needed for 2 and 3.
AAD is not used at all in #1.
BR,
Mikko
Hi, Mikko
Hi, Mikko
You are right, that AAD not used for Encrpyt-only.
But, BlockCipherKey, used as Encryption key (EK) in any mode.
Hereafter is picture from DLMS green book
Hi,
Hi,
Data is not ciphered In authentication only mode. For this reason, only the authentication key is needed.
This picture is not very good and there is too much information. Its main purpose it demonstrates how the security control byte is constructed.
BR,
Mikko
Hi,
Hi,
Chiper (with EK) have to be used in Authentcation-only mode to get Authentication Tag (T is not equal to A)).
GXDLMSDirector throws "index was outside the bounds of the array" exception in GMAC authentication-only mode, if BlockCiperKey has never been set.
Hi,
Hi,
This is changed as it was. Get the latest version.
BR,
Mikko