You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
WARNING: Despite being the most popular AEAD construction due to its use in TLS, safely using AES-GCM in a different context is tricky.
No more than ~ 350 GB of input data should be encrypted with a given key. This is for ~ 16 KB messages – Actual figures vary according to message sizes.
> In addition, nonces are short and repeated nonces would totally destroy the security of this scheme. Nonces should thus come from atomic counters, which can be difficult to set up in a distributed environment.
> Unless you absolutely need AES-GCM, use AEGIS-256 (crypto_aead_aegis256_*()) instead.
> ... There are no plans to support non hardware-accelerated implementations of AES-GCM. If portability is a concern, use ChaCha20-Poly1305 instead.
Also see:
Want compatible for:
Possible Options
Ideally have existing tools, for compatibility. Which would them define container and algorithm(s) and parameters.
Articles
Possible libraries
C
Java
For Android, also research Kotlin libraries.
Javascript/ Typescript - Stretch Goal
For possible end-to-end encryption in web browser.
The text was updated successfully, but these errors were encountered: