feeding associated data in GCM cipher mode #5

Closed
MeanMangosteen opened this issue Jan 24, 2019 · 4 comments
@MeanMangosteen
Contributor

MatrixAI/Polykey#14 (comment)

The 'with associated data (AD)' part means that you can feed additional data into the algorithm to tie the ciphertext to some context. This is so

attempts to "cut-and-paste" a valid ciphertext into a different context are detected and rejected.

Most commonly, the AD would be the header of an encrypted network packet, but in our case the AD could be the filename and/or metadata, which would bind it to its ciphered file data.

We have to decide what sort of data would be most appropriate to use as AD, or whether to use AD at all. It is optional.

@MeanMangosteen MeanMangosteen self-assigned this Jan 24, 2019
@CMCDragonkai CMCDragonkai transferred this issue from MatrixAI/Polykey Mar 6, 2019
@MeanMangosteen MeanMangosteen added the development Standard development label Mar 7, 2019
@CMCDragonkai
Member

What is the AD used for here? Provide further integrity?

@MeanMangosteen
Contributor Author

From what I understand, it is to provide integrity to information that is not part of the ciphertext but still bound to the ciphertext. This would be plaintext stuff like salts, IVs, version numbers, config params in the header, etc.

If an attacker were to manipulate them, the system will not be ignorant of the changes, as it will not be able to authenticate the manipulated data.

@CMCDragonkai
Member

What are we using this for? #11 or #8?

@CMCDragonkai
Member

So to conclude, the AD is useful for maintaining the integrity of chunk-level metadata. However, #11 and #8 are about file-level metadata, where we are going to maintain both the plaintext metadata and encrypted-fs metadata. So this is not needed right now. When we have relevant chunk-level metadata, we can revisit this.
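
The binding discussed in this thread (AD tying a ciphertext to its filename and chunk-level metadata), as an added example that is not part of the original issue or the project's code: AES-256-GCM through Node's `crypto` module with a chunk header passed as associated data. The header layout, its field names (`version`, `chunkIndex`, `fileId`) and the helpers `encodeHeader`, `sealChunk` and `openChunk` are assumptions made for illustration.

```javascript
const { createCipheriv, createDecipheriv, randomBytes } = require('node:crypto');

// Hypothetical header layout: version (1 byte) | chunk index (4 bytes BE) | file id (UTF-8).
// The fixed-width prefix keeps the encoding unambiguous.
function encodeHeader({ version, chunkIndex, fileId }) {
  const fixed = Buffer.alloc(5);
  fixed.writeUInt8(version, 0);
  fixed.writeUInt32BE(chunkIndex, 1);
  return Buffer.concat([fixed, Buffer.from(fileId, 'utf8')]);
}

function sealChunk(key, header, plaintext) {
  const iv = randomBytes(12); // 96-bit nonce, must never repeat under the same key
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(encodeHeader(header)); // authenticated but stored in the clear
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { header, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Returns the plaintext, or null if the header, IV, ciphertext or tag was altered.
function openChunk(key, { header, iv, ciphertext, tag }) {
  try {
    const decipher = createDecipheriv('aes-256-gcm', key, iv, { authTagLength: 16 });
    decipher.setAAD(encodeHeader(header));
    decipher.setAuthTag(tag); // rejects tags that are not 16 bytes
    // update() output is unauthenticated until final() succeeds, so nothing
    // is returned to the caller before the tag has been verified.
    return Buffer.concat([decipher.update(ciphertext), decipher.final()]);
  } catch (err) {
    return null;
  }
}

// Constructed sample data.
const key = randomBytes(32);
const sealed = sealChunk(key, { version: 1, chunkIndex: 0, fileId: 'notes.txt' },
  Buffer.from('chunk zero of notes.txt'));

// Cut-and-paste: the same ciphertext and tag presented under another file's header.
const moved = { ...sealed, header: { ...sealed.header, fileId: 'payroll.txt' } };
// Reordering: the same chunk presented at a different index.
const reordered = { ...sealed, header: { ...sealed.header, chunkIndex: 7 } };

console.log(openChunk(key, sealed).toString());
console.log(openChunk(key, moved));
console.log(openChunk(key, reordered));
```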
