encryptthenMAC
Encrypt-then-MAC is a cryptographic construction used to provide both confidentiality and integrity. In this design, a plaintext P is first encrypted under a symmetric algorithm to produce ciphertext C, typically using a random per-message IV. A separate MAC key is then used to compute a message authentication code tag T over the ciphertext (and, if desired, additional authenticated data such as the IV and any associated data). The transmitted payload consists of the ciphertext, the IV, and the tag.
On receipt, the tag is verified with the MAC key using the same data (C, IV, AD).
Security: If the MAC is EUF-CMA secure and the encryption scheme is IND-CPA or stronger, and the
Practical considerations: Use separate keys for encryption and MAC (or derive distinct keys from a master key),