segment hash clarification & issue

[strantalis]

This is another spot where we seem to be double encoding with hex and base64 but the spec and the actual current implementations don't currently align again.

It seems that we are just extracting the gcm authentication tag off the cipher text then hex and base64 encoding it. Is this because its already a mac or should we be actually generating a sha256 hash from it?

I guess either way this needs some discussion as this is another place that we need to either update the implementations or the spec.