AES-GCM authenticated encryption
• AES-GCM (Galois/Counter Mode) provides authenticated encryption: it ensures confidentiality and authentication of the plaintext, and it also enables integrity checks on additional authenticated data (AAD) that is sent in clear text.
• The specifications for AES-GCM are outlined in NIST Special Publication 800-38D.
• Authenticated encryption takes four inputs: a secret key, an initialization vector (IV or nonce), the plaintext, and optional AAD. The nonce and AAD are transmitted in clear text.
• The encryption process produces two outputs: ciphertext (which is the same length as the plaintext) and an authentication tag (also known as a message authentication code or integrity check value).
• This Toolkit implements AES-GCM in accordance with RFC 5116, which defines the interface and algorithms for authenticated encryption.
• The Toolkit mandates a fixed-length nonce (IV) of 12 bytes (96 bits) and a fixed-length tag of 16 bytes (128 bits), with no options for varying these lengths.
• Support is provided for the AES-192-GCM algorithm, in addition to AES-128-GCM and AES-256-GCM as specified in RFC 5116.
• The authentication tag is automatically appended to the encryption output, and the IV can optionally be prepended, following the guidelines from XML Encryption Syntax and Processing Version 1.1.
• In this context, the terms "IV" and "nonce" are used interchangeably.
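The output layout described above (IV prepended, tag appended, 12-byte IV, 16-byte tag) can be reproduced with Go's standard library, shown here as an added example that is not the Toolkit's own code or API. The function names `Seal` and `Open` and the sample key and strings are assumptions made for this illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

const ivLen, tagLen = 12, 16 // bytes: the fixed 96-bit IV and 128-bit tag from the page
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 16/24/32-byte key selects AES-128/192/256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block) // Go's defaults: 12-byte nonce, 16-byte tag
}

// Seal returns IV || ciphertext || tag; the AAD is authenticated but not included.
func Seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, ivLen)
	if _, err := rand.Read(iv); err != nil { // a nonce must never repeat under one key
		return nil, err
	}
	return gcm.Seal(iv, iv, plaintext, aad), nil // appends ciphertext||tag to the IV
}

// Open splits IV || ciphertext || tag and returns plaintext only if the tag verifies.
func Open(key, blob, aad []byte) ([]byte, error) {
	if len(blob) < ivLen+tagLen {
		return nil, errors.New("input shorter than IV plus tag")
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, blob[:ivLen], blob[ivLen:], aad)
}

func main() {
	key := make([]byte, 24) // constructed all-zero AES-192 key, for demonstration only
	blob, _ := Seal(key, []byte("hello"), []byte("header"))
	_, err := Open(key, blob, []byte("HEADER")) // AAD altered in transit
	fmt.Println(len(blob), err != nil)
}
```

The receiver must supply the same AAD the sender used; any change to the AAD, the IV, the ciphertext or the tag makes `Open` return an error instead of plaintext.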