How come putting the GCM authentication tag at the end of a cipher stream require internal buffering during decryption?

Question

In Java, the \"default\" AES/GCM provider SunJCE will - during the decryption process - internally buffer 1) encrypted bytes used as input or 2) decrypted bytes

Answer 1

Until entire ciphertext is known, algorithm can't tell if it was correct or tampered with. No decrypted bytes can be returned to use before decryption and authentication are completed.

Ciphertext buffering may be caused by the reasons @NameSpace mentioned, but plaintext buffering is here to not to let you shoot into your own leg.

Your best option is to encrypt data in small chunks. And don't forget to change nonce value between them.