From 02c9efa5b2b272c13ac01bc7863ae9786f8063d6 Mon Sep 17 00:00:00 2001 From: Michael DePouw Date: Mon, 30 Oct 2017 14:26:07 -0400 Subject: [PATCH] fix bad anchor link (#4665) reference: https://github.com/aspnet/Docs/issues/4651 --- .../security/data-protection/implementation/subkeyderivation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aspnetcore/security/data-protection/implementation/subkeyderivation.md b/aspnetcore/security/data-protection/implementation/subkeyderivation.md index 04d1ed9e0a..8bd4b3c18e 100644 --- a/aspnetcore/security/data-protection/implementation/subkeyderivation.md +++ b/aspnetcore/security/data-protection/implementation/subkeyderivation.md @@ -60,7 +60,7 @@ Once K_E is generated via the above mechanism, we generate a random initializati *output:= keyModifier || iv || E_cbc (K_E,iv,data) || HMAC(K_H, iv || E_cbc (K_E,iv,data))* > [!NOTE] -> The IDataProtector.Protect implementation will [prepend the magic header and key id](authenticated-encryption-details.md#data-protection-implementation-authenticated-encryption-details) to output before returning it to the caller. Because the magic header and key id are implicitly part of [AAD](xref:security/data-protection/implementation/subkeyderivation#data-protection-implementation-subkey-derivation-aad), and because the key modifier is fed as input to the KDF, this means that every single byte of the final returned payload is authenticated by the MAC. +> The IDataProtector.Protect implementation will [prepend the magic header and key id](authenticated-encryption-details.md) to output before returning it to the caller. Because the magic header and key id are implicitly part of [AAD](xref:security/data-protection/implementation/subkeyderivation#data-protection-implementation-subkey-derivation-aad), and because the key modifier is fed as input to the KDF, this means that every single byte of the final returned payload is authenticated by the MAC. ## Galois/Counter Mode encryption + validation