class AES256GCM : AutoCloseable
(source)
Authenticated Encryption with Additional Data using AES-GCM.
WARNING: Despite being the most popular AEAD construction due to its use in TLS, safely using AES-GCM in a different context is tricky.
No more than ~350 GB of input data should be encrypted with a given key. This is for ~16 KB messages -- Actual figures vary according to message sizes.
In addition, nonces are short and repeated nonces would totally destroy the security of this scheme. Nonces should thus come from atomic counters, which can be difficult to set up in a distributed environment.
Unless you absolutely need AES-GCM, use XChaCha20Poly1305
instead. It doesn't have any of these limitations. Or, if you don't need to authenticate additional data, just stick to Sodium#crypto_box(byte[], byte[], long, byte[], byte[], byte[])
.
This class depends upon the JNR-FFI library being available on the classpath, along with its dependencies. See https://github.com/jnr/jnr-ffi. JNR-FFI can be included using the gradle dependency 'com.github.jnr:jnr-ffi'.
Key |
An AES256-GSM key. class Key : Destroyable |
Nonce |
An AES256-GSM nonce. class Nonce |
close |
fun close(): Unit |
decrypt |
Decrypt a message. fun decrypt(cipherText: Bytes!, nonce: Nonce!): Bytes? fun decrypt(cipherText: ByteArray!, nonce: Nonce!): ByteArray? fun decrypt(cipherText: Bytes!, data: Bytes!, nonce: Nonce!): Bytes? fun decrypt(cipherText: ByteArray!, data: ByteArray!, nonce: Nonce!): ByteArray?
Decrypt a message using a given key. static fun decrypt(cipherText: Bytes!, key: Key!, nonce: Nonce!): Bytes? static fun decrypt(cipherText: ByteArray!, key: Key!, nonce: Nonce!): ByteArray? static fun decrypt(cipherText: Bytes!, data: Bytes!, key: Key!, nonce: Nonce!): Bytes? static fun decrypt(cipherText: ByteArray!, data: ByteArray!, key: Key!, nonce: Nonce!): ByteArray? |
decryptDetached |
Decrypt a message using a detached message authentication code. fun decryptDetached(cipherText: Bytes!, mac: Bytes!, nonce: Nonce!): Bytes? fun decryptDetached(cipherText: ByteArray!, mac: ByteArray!, nonce: Nonce!): ByteArray? fun decryptDetached(cipherText: Bytes!, mac: Bytes!, data: Bytes!, nonce: Nonce!): Bytes? fun decryptDetached(cipherText: ByteArray!, mac: ByteArray!, data: ByteArray!, nonce: Nonce!): ByteArray?
Decrypt a message using a given key and a detached message authentication code. static fun decryptDetached(cipherText: Bytes!, mac: Bytes!, key: Key!, nonce: Nonce!): Bytes? static fun decryptDetached(cipherText: ByteArray!, mac: ByteArray!, key: Key!, nonce: Nonce!): ByteArray? static fun decryptDetached(cipherText: Bytes!, mac: Bytes!, data: Bytes!, key: Key!, nonce: Nonce!): Bytes? static fun decryptDetached(cipherText: ByteArray!, mac: ByteArray!, data: ByteArray!, key: Key!, nonce: Nonce!): ByteArray? |
encrypt |
Encrypt a message. fun encrypt(message: Bytes!, nonce: Nonce!): Bytes! fun encrypt(message: ByteArray!, nonce: Nonce!): ByteArray! fun encrypt(message: Bytes!, data: Bytes!, nonce: Nonce!): Bytes! fun encrypt(message: ByteArray!, data: ByteArray!, nonce: Nonce!): ByteArray!
Encrypt a message for a given key. static fun encrypt(message: Bytes!, key: Key!, nonce: Nonce!): Bytes! static fun encrypt(message: ByteArray!, key: Key!, nonce: Nonce!): ByteArray! static fun encrypt(message: Bytes!, data: Bytes!, key: Key!, nonce: Nonce!): Bytes! static fun encrypt(message: ByteArray!, data: ByteArray!, key: Key!, nonce: Nonce!): ByteArray! |
encryptDetached |
Encrypt a message, generating a detached message authentication code. fun encryptDetached(message: Bytes!, nonce: Nonce!): DetachedEncryptionResult! fun encryptDetached(message: ByteArray!, nonce: Nonce!): DetachedEncryptionResult! fun encryptDetached(message: Bytes!, data: Bytes!, nonce: Nonce!): DetachedEncryptionResult! fun encryptDetached(message: ByteArray!, data: ByteArray!, nonce: Nonce!): DetachedEncryptionResult!
Encrypt a message for a given key, generating a detached message authentication code. static fun encryptDetached(message: Bytes!, key: Key!, nonce: Nonce!): DetachedEncryptionResult! static fun encryptDetached(message: ByteArray!, key: Key!, nonce: Nonce!): DetachedEncryptionResult! static fun encryptDetached(message: Bytes!, data: Bytes!, key: Key!, nonce: Nonce!): DetachedEncryptionResult! static fun encryptDetached(message: ByteArray!, data: ByteArray!, key: Key!, nonce: Nonce!): DetachedEncryptionResult! |
finalize |
fun finalize(): Unit |
forKey |
Pre-compute the expansion for the key. static fun forKey(key: Key!): AES256GCM! |
isAvailable |
Check if Sodium and the AES256-GCM algorithm is available. static fun isAvailable(): Boolean |