From 32a87dfa7e4674157fbe5da842dd0bbdef5c411d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= Date: Tue, 12 Apr 2022 02:42:41 +0200 Subject: [PATCH] doc: change AES-GCM IV recommendation in WebCrypto PR-URL: https://github.com/nodejs/node/pull/42611 Reviewed-By: Filip Skokan --- doc/api/webcrypto.md | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/doc/api/webcrypto.md b/doc/api/webcrypto.md index 618a9cfdcfce4c..e752eaff5916e9 100644 --- a/doc/api/webcrypto.md +++ b/doc/api/webcrypto.md @@ -1019,9 +1019,14 @@ added: v15.0.0 * Type: {ArrayBuffer|TypedArray|DataView|Buffer} -The initialization vector must be unique for every encryption operation -using a given key. The AES-GCM specification recommends that -this contain at least 12 random bytes. +The initialization vector must be unique for every encryption operation using a +given key. + +Ideally, this is a deterministic 12-byte value that is computed in such a way +that it is guaranteed to be unique across all invocations that use the same key. +Alternatively, the initialization vector may consist of at least 12 +cryptographically random bytes. For more information on constructing +initialization vectors for AES-GCM, refer to Section 8 of [NIST SP 800-38D][]. #### `aesGcmParams.name` @@ -1923,5 +1928,6 @@ added: v15.0.0 [JSON Web Key]: https://tools.ietf.org/html/rfc7517 [Key usages]: #cryptokeyusages +[NIST SP 800-38D]: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf [RFC 4122]: https://www.rfc-editor.org/rfc/rfc4122.txt [Web Crypto API]: https://www.w3.org/TR/WebCryptoAPI/