The Ultimate Developer’s Guide to AES-GCM: Encrypt and Decr…

metamitya · December 28, 2024

The Ultimate Developer’s Guide to AES-GCM: Encrypt and Decrypt with JavaScript and the Web Cryptography API
Hey developers 👋,
ever wondered about how secure your application really is? This guide will show you how to leverage the Web Cryptography API to protect your data effectively, focusing on AES-GCM encryption. We’ll break down the essentials of key management, encryption processes, and integrity checks, giving you a straightforward path to robust data security. Ready to elevate your security approach? Let’s dive in.
We will use the Web Cryptography API because it provides secure, standards-based methods for generating keys, hashing, signing, encrypting and decrypting data built directly into browsers. This enables a wide range of cryptographic operations that are essential for modern web applications. For the encryption algorithm, we’ll use AES-GCM, which is known for its efficiency and security.
AES-GCM (Advanced Encryption Standard — Galois/Counter Mode) is a symmetric key encryption algorithm that inherently requires a key to encrypt and decrypt data. The key could technically be any string. However, for enhanced security and to ensure data is secured with an additional password, we use PBKDF2 (Password-Based Key Derivation Function 2) for key derivation. PBKDF2 takes a password as input and produces a cryptographic key. It incorporates a salt to prevent rainbow table attacks and can perform many iterations to increase the computation time, thereby enhancing resistance against brute-force attacks.
Understanding Encryption: How It All Works
Before we deep dive into each component, let’s look at the process shown above and summarize the relevant components involved in securing data:
Key Derivation
Directly using user passwords as encryption keys is not advisable due to their predictability and vulnerability to being guessed or cracked through brute-force attacks. Instead, we use a key derivation process to transform these potentially weak passwords into strong, cryptographic keys.
- Password: Used as input for PBKDF2. Typically, user passwords may not be complex or random enough to serve as strong keys on their own. They often contain predictable patterns or are reused across different services, making them susceptible to attacks.
- Salt: Used as input for PBKDF2. The salt is a random value added to the password before key derivation. The salt ensures that even if two users have the same password, their derived keys will be different. It also protects against precomputed attacks, such as rainbow table attacks, where attackers use pre-generated hashes to crack passwords quickly.
- PBKDF2: This key derivation function is specifically designed to make deriving the key from the password computationally expensive and time-consuming. By incorporating the salt and performing many iterations, PBKDF2 effectively thwarts brute-force and other speed-based cracking attempts. The use of a hashing function like SHA-256 within PBKDF2 also ensures the integrity and randomness of the derived key.
- Encryption Key: The result of the key derivation process, used to encrypt the plaintext data. This key is significantly harder to reverse-engineer or guess compared to the original user password.
Encryption
With a robust encryption key in hand from our key derivation process, we move on to the encryption phase where this key is used to secure our data.
- Plaintext Data: The original data that needs to be encrypted. This data is combined with the encryption key to ensure it remains confidential.
- Initialization Vector (IV): A unique sequence used for each encryption operation to ensure that identical plaintext results in different ciphertexts every time.
- AES-GCM: This is the encryption algorithm we use.
- Encrypted Data (Ciphertext): The output of the encryption process, representing the encrypted version of the plaintext.
- Authentication Tag: Generated during the encryption, this tag helps verify the integrity and authenticity of the data upon decryption, ensuring the data has not been tampered with during transmission or storage.
Now, with a clear understanding of what each component does and how they interact, we can walk each step in more detail to understand their roles in the encryption and decryption processes.
How to create a secure Encryption Key?
The secure cryptographic key generation starts with the user’s password, processed through the PBKDF2 algorithm using SHA-256 hashing. This method enhances security by deterring brute-force attacks through computationally intensive operations and requires two steps:
Salt Generation
We use a cryptographically secure random number generator from the Web Cryptography API to create a random salt. This ensures that identical passwords do not produce the same encryption key.
const salt = window.crypto.getRandomValues(new Uint8Array(16)); // 128-bit salt
A 128-bit salt provides a high level of randomness, which is crucial for ensuring that each derived key is unique. With 2¹…