I went through the documentation and also had a few conversations with my colleagues but it is still unclear how exactly AES-256-GCM-SHA384 works.
Here's my understanding of what we need to encrypt and decrypt when we use AES-256-GCM.
1) To encrypt we need:
- key (32 bytes), probably derived from passPhrase and salt
- iv (12 bytes, typically), probably derived from passPhrase and salt
- plainText
And as a result I would expect to get:
- authentication tag (16 bytes)
- cipherText
2) To decrypt we need:
- key (32 bytes)
- iv (12 bytes, typically)
- authentication tag (16 bytes)
- cipherText
And as a result I would expect to get:
- plainText
================================
Here's what I see in the documentation:
================================
"For AES-GCM encryption, use the optional salt flag. This flag is used to randomize the keys, which are generated from the passphrase, and the Initialization Vectors (IV)."
Does it mean that "key" and "iv" are derived from passphrase and salt?
"In AES-256-GCM-SHA384 encryption, the SHA384 hash of the key, which is 384 bits value, is used to encrypt the value using the AES-GCM algorithm. The base 64 of this encrypted value is then inserted in the x-header."
How come the hash is used (48 bytes), whereas the key must be 32 bytes?
_____________________________
https://www.cisco.com/c/en/us/td/docs/wireless/asr_5000/21-11_6-5/ECS-Admin/21-11-ECS-Admin/21-11-ECS-Admin_chapter_011010.html#id_39217
***
encryption aes-256-gcm-sha384 [ salt ] [ encrypted ] key key
"Use aes-256-gcm-sha384 option to encrypt the x-header fields with AES-256-GCM algorithm and SHA384 to hash key in 384 bits.
Use the [ salt ] option for enhanced security. Use this additional option by generating new key each time the x-header is encrypted.
Use key option to enter the key that is used to encrypt and decrypt the x-header string. The key length for AES-256-GCM-SHA384 algorithm is 32 characters, which is equal to 256 bits."
_____________________________
https://www.cisco.com/c/en/us/td/docs/wireless/asr_5000/21-14_6-8/CLI/A-B/21-14-A-B_CLI_Reference/21-14-A-B_CLI_Reference_chapter_01001.html
So my questions are:
- what is used to encrypt? "key" and "iv"?
- what is the length of the "key"? 32 bytes?
- what is the length of "iv"? 12 bytes?
- how is "key" generated? the first 32 bytes of sha384 hash of "salt" + "passPhrase"?
- how is "iv" generated? some bytes of sha384 hash of "salt" + "passPhrase"?
- what is "passPhrase" in relation to the config, because in the config I see only "key"?
- what is inserted into the header after the encryption? base64_encode("salt"+"auth_tag"+"cipherText")?
Thank you!
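
The inputs and outputs listed in the question, shown with plain AES-256-GCM from Go's standard library. This is an added example, not part of the original post and not Cisco's implementation: it does not show how the ASR 5000 derives its key or IV. The names `newGCM`, `Seal` and `Open` and all sample values are constructed for illustration, and the IV is simply drawn at random.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // AES accepts only 16, 24 or 32 byte keys
	if err != nil {
		return nil, fmt.Errorf("key of %d bytes rejected: %w", len(key), err)
	}
	return cipher.NewGCM(block) // standard 12-byte IV, 16-byte tag
}

// Seal draws a fresh random IV and returns IV, ciphertext and tag separately.
func Seal(key, plaintext []byte) (iv, ct, tag []byte, err error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, nil, nil, err
	}
	iv = make([]byte, gcm.NonceSize())
	if _, err = rand.Read(iv); err != nil {
		return nil, nil, nil, err
	}
	out := gcm.Seal(nil, iv, plaintext, nil) // Go appends the tag to the ciphertext
	return iv, out[:len(plaintext)], out[len(plaintext):], nil
}

// Open checks the tag first and returns plaintext only if it verifies.
func Open(key, iv, ct, tag []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, iv, append(append([]byte{}, ct...), tag...), nil)
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed 32-byte key
	iv, ct, tag, _ := Seal(key, []byte("constructed x-header value"))
	pt, _ := Open(key, iv, ct, tag)
	tag[0] ^= 1 // a modified tag must make decryption fail
	_, tamperErr := Open(key, iv, ct, tag)
	_, _, _, keyErr := Seal(make([]byte, 48), nil) // 48 bytes = SHA-384 digest size
	fmt.Printf("iv=%dB ct=%dB tag=%dB pt=%q\ntampered: %v\n48-byte key: %v\n", len(iv), len(ct), len(tag), pt, tamperErr, keyErr)
}
```

The last call shows that a 48-byte value cannot be handed to AES as a key unchanged, so any scheme that hashes with SHA-384 has to reduce or split the digest before encrypting.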