doc: change AES-GCM IV recommendation in WebCrypto

PR-URL: nodejs#42611 Reviewed-By: Filip Skokan <panva.ip@gmail.com>
tniessen · Apr 12, 2022 · 6706be1 · 6706be1
1 parent 2f51e12
commit 6706be1
Showing 1 changed file with 9 additions and 3 deletions.
diff --git a/doc/api/webcrypto.md b/doc/api/webcrypto.md
@@ -1019,9 +1019,14 @@ added: v15.0.0
 
 * Type: {ArrayBuffer|TypedArray|DataView|Buffer}
 
-The initialization vector must be unique for every encryption operation
-using a given key. The AES-GCM specification recommends that
-this contain at least 12 random bytes.
+The initialization vector must be unique for every encryption operation using a
+given key.
+
+Ideally, this is a deterministic 12-byte value that is computed in such a way
+that it is guaranteed to be unique across all invocations that use the same key.
+Alternatively, the initialization vector may consist of at least 12
+cryptographically random bytes. For more information on constructing
+initialization vectors for AES-GCM, refer to Section 8 of [NIST SP 800-38D][].
 
 #### `aesGcmParams.name`
 
@@ -1923,5 +1928,6 @@ added: v15.0.0
 
 [JSON Web Key]: https://tools.ietf.org/html/rfc7517
 [Key usages]: #cryptokeyusages
+[NIST SP 800-38D]: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf
 [RFC 4122]: https://www.rfc-editor.org/rfc/rfc4122.txt
 [Web Crypto API]: https://www.w3.org/TR/WebCryptoAPI/