Skip to main content

Module aes_gcm

Module aes_gcm 

Source
Expand description

ยงAES-256-GCM operations

Contains low level AES-256-GCM operations used by the rest of the crate.

In most cases you should use the EncString with KeyEncryptable & KeyDecryptable instead.

Note: AES-256-GCM encrypts data, and authenticates both the cipher text and associated data. This does not provide key-commitment, and assumes there can only be one key. It also has a short (96-bit) nonce, so a fresh key must be used per (small) set of messages to avoid nonce reuse; callers that derive a unique key per message (e.g. the secret-protected key envelope) satisfy this.

If multiple keys are possible, a key-committing cipher should be used to prevent invisible-salamander style attacks. https://eprint.iacr.org/2019/016.pdf https://soatok.blog/2024/09/10/invisible-salamanders-are-not-what-you-think/

Structsยง

Aes256Gcm ๐Ÿ”’
AES-256-GCM authenticated encryption with associated data.
Aes256GcmCiphertext ๐Ÿ”’
Aes256GcmNonce ๐Ÿ”’
A 96-bit AES-256-GCM nonce.

Constantsยง

KEY_SIZE ๐Ÿ”’
NONCE_SIZE ๐Ÿ”’