auth_data=

Sets the cipher's additional authenticated data. This field must be set when using AEAD cipher modes such as GCM or CCM. If no associated data shall be used, this method must still be called with a value of ââ. The contents of this field should be non-sensitive data which will be added to the ciphertext to generate the authentication tag which validates the contents of the ciphertext.

The AAD must be set prior to encryption or decryption. In encryption mode, it must be set after calling #encrypt and setting #key= and #iv=. When decrypting, the authenticated data must be set after key, iv and especially after the authentication tag has been set. I.e. set it only after calling #decrypt, #key=, #iv= and #auth_tag= first.