As per the sandbox documentation, we need to encrypt health data using AES-GCM cipher during data push. We are using aes-256-gcm cipher however GCM ciphers generate tag authentication data and this data is required to decrypt the encrypted text. Typically, IV, cipher and tag data is required to decrypt. Both parties will be able to produce same IV and cipher is already decided. We are not sure how the tag is going to be exchanged with the other party.
You can refer to https://www.php.net/manual/en/function.openssl-encrypt.php . Although $tag
parameter is option, it is mandatory in case of GCM and it is required and will be needed to use in openssl_decrypt
.
We have tried to figure this out with Github gist provided for Java & C# but were unable to figure that out. Are we missing something here?