Hi!
If encryption and authentication is used in DLMS, we need an encryption key (EK) and authentication key (AK).
The authentication tag is created using the AES-GCM algorithm, using the EK. From my point of view, the packet is then already authenticated by the owner of the EK because AES-GCM provides authenticated encryption.
I wonder, what is the purpose of adding an AK to the additional data of the crypto protection?
Thanks for any comments.
Hi, The encryption key is…
Hi,
The encryption key is used to cipher the data and the authentication key is used to count the authentication tag that is added after ciphered data.
DLM is using Galois/Counter Mode for ciphering. You can get more information from Galois/Counter Mode at Wikipedia:
https://en.wikipedia.org/wiki/Galois/Counter_Mode
BR,
Mikko