AES-256-GCM symmetric encryption.
Migration Notice (v0.2)
The IV size was changed from 32 bytes to the standard 12 bytes for GCM. Decryption automatically detects the IV size of the ciphertext:
- New ciphertexts use 12-byte IVs (standard, secure)
- Legacy ciphertexts with 32-byte IVs are still decryptable
Encryption always uses the new 12-byte IV format. To migrate legacy data, decrypt with the old key and re-encrypt — the new format is used automatically.
Summary
Functions
Decrypt ciphertext with a 32-byte key using AES-256-GCM.
Decrypt with explicit Additional Authenticated Data (AAD).
Encrypt plaintext with a 32-byte key using AES-256-GCM (12-byte IV).
Encrypt with explicit Additional Authenticated Data (AAD).
Create a new SymmetricKey from a 32-byte binary.
Get the raw key bytes.
Types
Functions
Decrypt ciphertext with a 32-byte key using AES-256-GCM.
Automatically detects IV size: tries 12-byte (current) first, then falls back to 32-byte (legacy) for backward compatibility.
Decrypt with explicit Additional Authenticated Data (AAD).
Encrypt plaintext with a 32-byte key using AES-256-GCM (12-byte IV).
The 2-arity version passes empty AAD (<<>>) for backward compatibility with
BRC-78 and other implementations. Use encrypt/3 to supply custom Additional
Authenticated Data for extra context binding.
Encrypt with explicit Additional Authenticated Data (AAD).
@spec new(<<_::256>>) :: t()
Create a new SymmetricKey from a 32-byte binary.
@spec to_bytes(t()) :: <<_::256>>
Get the raw key bytes.