Class AesGcmSiv

  • All Implemented Interfaces:
    Aead

    @Alpha
    public final class AesGcmSiv
    extends java.lang.Object
    implements Aead
    This primitive implements AES-GCM-SIV (as defined in RFC 8452) using JCE.

    This encryption mode is intended for authenticated encryption with associated data. A major security problem with AES-GCM is that reusing the same nonce twice leaks the authentication key. AES-GCM-SIV, on the other hand, has been designed to avoid this vulnerability.

    This encryption mode requires a JCE provider that supports the AES/GCM-SIV/NoPadding transformation, such as Conscrypt.

    • Constructor Summary

      Constructors 
      Constructor Description
      AesGcmSiv(byte[] key)
    • Method Summary

      Modifier and Type Method Description
      static Aead create(AesGcmSivKey key)
      byte[] decrypt(byte[] ciphertext, byte[] associatedData)
      On Android KitKat (API level 19) this method does not support non-null or non-empty associatedData.
      byte[] encrypt(byte[] plaintext, byte[] associatedData)
      On Android KitKat (API level 19) this method does not support non-null or non-empty associatedData.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • AesGcmSiv

        public AesGcmSiv(byte[] key)
                  throws java.security.GeneralSecurityException
        Throws:
        java.security.GeneralSecurityException
    • Method Detail

      • create

        public static Aead create(AesGcmSivKey key)
                           throws java.security.GeneralSecurityException
        Throws:
        java.security.GeneralSecurityException
      • encrypt

        public byte[] encrypt(byte[] plaintext,
                              byte[] associatedData)
                       throws java.security.GeneralSecurityException
        On Android KitKat (API level 19) this method does not support non-null or non-empty associatedData. It might not work at all in older versions.
        Specified by:
        encrypt in interface Aead
        Parameters:
        plaintext - the plaintext to be encrypted. It must be non-null, but can also be an empty (zero-length) byte array
        associatedData - associated data to be authenticated, but not encrypted. Associated data is optional, so this parameter can be null. In this case the null value is equivalent to an empty (zero-length) byte array. For successful decryption the same associatedData must be provided along with the ciphertext.
        Returns:
        resulting ciphertext
        Throws:
        java.security.GeneralSecurityException
      • decrypt

        public byte[] decrypt(byte[] ciphertext,
                              byte[] associatedData)
                       throws java.security.GeneralSecurityException
        On Android KitKat (API level 19) this method does not support non-null or non-empty associatedData. It might not work at all in older versions.
        Specified by:
        decrypt in interface Aead
        Parameters:
        ciphertext - the ciphertext to be decrypted. It must be non-null.
        associatedData - associated data to be authenticated. For successful decryption it must be the same as associatedData used during encryption. Can be null, which is equivalent to an empty (zero-length) byte array.
        Returns:
        resulting plaintext
        Throws:
        java.security.GeneralSecurityException - if decryption fails. Decryption must fail if ciphertext is not correctly authenticated for the given associatedData.
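
The encrypt/decrypt contract described above, as an added example that is not part of the original documentation or the project's own code. It assumes the class lives in the package com.google.crypto.tink.aead.subtle and that Conscrypt is on the classpath to supply AES/GCM-SIV/NoPadding; the key, plaintext and associated-data values are constructed samples.

```java
import com.google.crypto.tink.aead.subtle.AesGcmSiv; // assumed package name
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.security.Security;
import java.util.Arrays;
import org.conscrypt.Conscrypt;

public final class AesGcmSivExample {
  public static void main(String[] args) throws GeneralSecurityException {
    // Assumption: Conscrypt provides the AES/GCM-SIV/NoPadding transformation.
    Security.addProvider(Conscrypt.newProvider());

    // Constructed sample key (32 random bytes); real keys come from key management.
    byte[] key = new byte[32];
    new SecureRandom().nextBytes(key);
    AesGcmSiv aead = new AesGcmSiv(key);

    byte[] plaintext = "account=42;balance=100".getBytes(StandardCharsets.UTF_8);
    byte[] context = "tenant-a/record-7".getBytes(StandardCharsets.UTF_8);

    // Round trip: the same associatedData must be supplied to decrypt.
    byte[] ciphertext = aead.encrypt(plaintext, context);
    check(Arrays.equals(plaintext, aead.decrypt(ciphertext, context)), "round trip");

    // null associatedData is equivalent to an empty byte array.
    byte[] noAd = aead.encrypt(plaintext, null);
    check(Arrays.equals(plaintext, aead.decrypt(noAd, new byte[0])), "null == empty AD");

    // Ciphertext replayed under a different context must be rejected.
    byte[] otherContext = "tenant-b/record-7".getBytes(StandardCharsets.UTF_8);
    check(rejects(aead, ciphertext, otherContext), "wrong associatedData rejected");

    // A single flipped bit in the ciphertext must be rejected.
    byte[] tampered = ciphertext.clone();
    tampered[tampered.length - 1] ^= 0x01;
    check(rejects(aead, tampered, context), "tampered ciphertext rejected");
  }

  // Returns true only if decrypt throws, i.e. authentication failed as required.
  private static boolean rejects(AesGcmSiv aead, byte[] ct, byte[] ad) {
    try { aead.decrypt(ct, ad); return false; }
    catch (GeneralSecurityException expected) { return true; }
  }

  private static void check(boolean ok, String what) {
    if (!ok) throw new IllegalStateException("failed: " + what);
    System.out.println("ok: " + what);
  }
}
```

Callers should treat any GeneralSecurityException from decrypt as an authentication failure and discard the input rather than retrying with different associated data.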