decipher.setAuthTag(buffer[, encoding])
buffer
<string> | <Buffer> | <ArrayBuffer> | <TypedArray> | <DataView>encoding
<string> 当buffer
是字符串时使用的字符串编码。- 返回: <Decipher> 用于方法链。
当使用认证的加密方式时(目前支持GCM
、CCM
、OCB
、chacha20-poly1305
),则接收到的认证标签采用 decipher.setAuthTag()
方式传入。
如果没有提供标签,或者密文被篡改,则抛出 decipher.final()
,表示由于认证失败,密文应该被丢弃。
如果标签长度根据 NIST SP 800-38D 无效或与 authTagLength
选项的值不匹配,则 decipher.setAuthTag()
将抛出错误。
CCM
模式必须在 decipher.update()
之前调用 decipher.setAuthTag()
方法,对于 GCM
和 OCB
模式以及 chacha20-poly1305
,必须在 decipher.final()
之前调用。
decipher.setAuthTag()
只能被调用一次。
将字符串作为身份验证标记传入时,请注意将字符串用作加密 API 的输入时的注意事项。
buffer
<string> | <Buffer> | <ArrayBuffer> | <TypedArray> | <DataView>encoding
<string> String encoding to use whenbuffer
is a string.- Returns: <Decipher> for method chaining.
When using an authenticated encryption mode (GCM
, CCM
, OCB
, and
chacha20-poly1305
are
currently supported), the decipher.setAuthTag()
method is used to pass in the
received authentication tag. If no tag is provided, or if the cipher text
has been tampered with, decipher.final()
will throw, indicating that the
cipher text should be discarded due to failed authentication. If the tag length
is invalid according to NIST SP 800-38D or does not match the value of the
authTagLength
option, decipher.setAuthTag()
will throw an error.
The decipher.setAuthTag()
method must be called before decipher.update()
for CCM
mode or before decipher.final()
for GCM
and OCB
modes and
chacha20-poly1305
.
decipher.setAuthTag()
can only be called once.
When passing a string as the authentication tag, please consider caveats when using strings as inputs to cryptographic APIs.