Expand description
ยงAES-256-GCM operations
Contains low level AES-256-GCM operations used by the rest of the crate.
In most cases you should use the EncString with KeyEncryptable & KeyDecryptable instead.
Note: AES-256-GCM encrypts data, and authenticates both the cipher text and associated data. This does not provide key-commitment, and assumes there can only be one key. It also has a short (96-bit) nonce, so a fresh key must be used per (small) set of messages to avoid nonce reuse; callers that derive a unique key per message (e.g. the secret-protected key envelope) satisfy this.
If multiple keys are possible, a key-committing cipher should be used to prevent
invisible-salamander style attacks.
https://eprint.iacr.org/2019/016.pdf
https://soatok.blog/2024/09/10/invisible-salamanders-are-not-what-you-think/
Structsยง
- Aes256
Gcm ๐ - AES-256-GCM authenticated encryption with associated data.
- Aes256
GcmCiphertext ๐ - Aes256
GcmNonce ๐ - A 96-bit AES-256-GCM nonce.
Constantsยง
- KEY_
SIZE ๐ - NONCE_
SIZE ๐