author: Matt David <matt@netki.com> 2016-04-27 09:52:22 -0700
committer: Matt David <matt@netki.com> 2016-04-27 09:52:22 -0700
commit: 7d9e11dbcbb9b14fa748848b4c75c69b9299d054 (patch)
tree: 8dc93077fd4df1204028b72691993f8bb19bc81b /bip-0075.mediawiki
parent: b5517bab86c7039e654cc1c1f6584808a3cbba39 (diff)
download: bips-7d9e11dbcbb9b14fa748848b4c75c69b9299d054.tar.xz
- Add information about the use of GCM Authentication tag
- Add requirement of additional authenticated data in the case that either status_code and/or status_message are in use
Diffstat (limited to 'bip-0075.mediawiki')
-rw-r--r-- bip-0075.mediawiki | 7
1 file changed, 7 insertions, 0 deletions
diff --git a/bip-0075.mediawiki b/bip-0075.mediawiki
index 95e620f..ef10c08 100644
--- a/bip-0075.mediawiki
+++ b/bip-0075.mediawiki
@@ -312,6 +312,13 @@ For the following we assume the Sender already knows the Receiver's public key,
* Initialize AES-256 in GCM Mode
** Use HMAC_DRBG.GENERATE(32) as the Encryption Key (256 bits)
** Use HMAC_DRBG.GENERATE(16) as the Initialization Vector (IV) (128 bits)
+<br/><br/>
+
+====AES-256 GCM Authentication Tag Use====
+The 16 byte authentication tag resulting from the AES-GCM encrypt operation MUST be prefixed to the returned ciphertext. The decrypt operation will use the first 16 bytes of the ciphertext as the GCM authentication tag and the remainder of the ciphertext as the ciphertext in the decrypt operation.
+
+====AES-256 GCM Additional Authenticated Data====
+When either '''status_code''' OR '''status_message''' are present, the AES-256 GCM authenticated data used in both the encrypt and decrypt operations MUST be: STRING(status_code) || status_message. Otherwise, there is no additional authenticated data. This provides that, while not encrypted, the status_code and status_message are authenticated.
===Initial Public Key Retrieval for InvoiceRequest Encryption===
Initial public key retrieval for [[#InvoiceRequest|InvoiceRequest]] encryption via [[#EncryptedProtocolMessage|EncryptedProtocolMessage]] encapsulation can be done in a number of ways including, but not limited to, the following:
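Review bot: the additional authenticated data defined in the new "====AES-256 GCM Additional Authenticated Data====" section, STRING(status_code) || status_message, is not an unambiguous encoding: plain concatenation of a variable-length decimal string with a free-form message lets distinct (status_code, status_message) pairs produce the same AAD bytes (status_code 1 with message "2x" and status_code 12 with message "x" both give "12x"), and the text does not say what is authenticated when only one of the two fields is present even though the sentence is triggered by "either ... OR". Suggest fixing a canonical encoding, e.g. a fixed-width or length-prefixed status_code followed by the status_message bytes, and stating the AAD for each presence case explicitly. In the "====AES-256 GCM Authentication Tag Use====" section, "The decrypt operation will use the first 16 bytes of the ciphertext as the GCM authentication tag" describes the layout but not the failure behaviour: add that decryption MUST fail and release no plaintext when the tag does not verify, and that a ciphertext shorter than 16 bytes MUST be rejected. Minor: the leading "+<br/><br/>" before a level-4 heading is presentational markup; a blank line is the usual mediawiki spacing.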