How are the IV and authentication tag handled for “AES/GCM/NoPadding”?
Q1: Is the IV returned by cipher.getIV() safe for me to use in this way? Yes, it is at least for the Oracle provided implementation. It is generated separately using the default SecureRandom implementation. As it is 12 bytes in size (the default for GCM) then you have 96 bits of randomness. The chance that … Read more