Example given:
"method": {
  "algorithm": "AES-256-GCM",
  "isStreamable": true,
  "iv": "D6s7cSgFXzhVkran" // Base64 encoded IV
}
The explanation
The Base64 encoded Initialization Vector (IV) used with the symmetric algorithm. MUST be unique for each TDF encrypted with the same key. For AES-GCM, typically 12 bytes (96 bits).
seems questionable: The IV needs to be unique for each segment. All segments share a common DEK, so reusing the same IV for all payload segments is unsafe.
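An added example, not part of the original post or of the spec's own code: a check that flags per-segment IVs repeated under one DEK, plus one possible way to derive a distinct IV per segment (XOR of the segment index into a base IV, the construction TLS 1.3 uses for record nonces). The function names and the list-of-IVs input are assumptions; the page does not show how segments carry their IVs.

```python
import base64

GCM_IV_LEN = 12  # 96-bit IV, the size the quoted spec text gives for AES-GCM
PAGE_IV_B64 = "D6s7cSgFXzhVkran"  # the IV from the example quoted in the post

def derive_segment_iv(base_iv: bytes, index: int) -> bytes:
    """XOR a 64-bit segment index into the base IV (TLS 1.3 nonce style).

    Assumption: base_iv is unique per DEK and each index is used once.
    """
    if len(base_iv) != GCM_IV_LEN:
        raise ValueError("base IV must be 12 bytes")
    if not 0 <= index < 2**64:
        raise ValueError("segment index out of range")
    counter = index.to_bytes(GCM_IV_LEN, "big")
    return bytes(a ^ b for a, b in zip(base_iv, counter))

def audit_segment_ivs(ivs_b64):
    """Return findings for Base64 segment IVs that all share one DEK."""
    findings, seen = [], {}
    for i, text in enumerate(ivs_b64):
        try:
            iv = base64.b64decode(text, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            findings.append(f"segment {i}: IV is not valid Base64")
            continue
        if len(iv) != GCM_IV_LEN:
            findings.append(f"segment {i}: IV is {len(iv)} bytes, expected {GCM_IV_LEN}")
        if iv in seen:
            findings.append(f"segment {i}: IV repeats segment {seen[iv]} under the same key")
        else:
            seen[iv] = i
    return findings

def derived_ivs_b64(base_iv_b64: str, count: int):
    """Base64 IVs for segments 0..count-1, derived from one base IV."""
    base = base64.b64decode(base_iv_b64, validate=True)
    return [base64.b64encode(derive_segment_iv(base, i)).decode() for i in range(count)]

if __name__ == "__main__":
    reused = [PAGE_IV_B64] * 3  # constructed: one IV applied to every segment
    for finding in audit_segment_ivs(reused):
        print(finding)
    print(audit_segment_ivs(derived_ivs_b64(PAGE_IV_B64, 3)))
```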