Short AES GCM Tags?

Valerie Peng valerie.peng at
Mon Apr 17 20:31:29 UTC 2017

The short tag length is not for general applications and their usage 
comes with additional requirements such as length of input data and 
lifetime of the key which SunJCE provider does not implement. Thus, 
SunJCE provider limits the supported tag length to the 5 values defined 
for general-purpose applications.


On 4/13/2017 1:58 PM, Mike Duigou wrote:
> I've discovered that the Java 8 JSSE doesn't allow 64 or 32 bit tags 
> to be used with AES GCM. (Enforced in CipherCore) I had hoped to use 
> short tags per the guidance of NIST Special Publication 800-38D 
> Appendix C. The Javadoc for GCMParameterSpec mentions 32 and 64 bit 
> tags but I can't find an explanation of why small tags are not 
> supported by Java 8 JSSE.
> Is there a reason that the short tags aren't offered?
> Thanks,
> Mike

More information about the security-dev mailing list