cloak v0.7.0 Cloak.Ciphers.AES.GCM View Source
A Cloak.Cipher
which encrypts values with the AES cipher in GCM (block) mode.
Internally relies on Erlang’s :crypto.block_encrypt/4
.
Link to this section Summary
Functions
Callback implementation for Cloak.Cipher.can_decrypt?/2
. Determines whether
this module can decrypt the given ciphertext
Callback implementation for Cloak.Cipher.decrypt/2
. Decrypts a value
encrypted with AES in GCM mode
Callback implementation for Cloak.Cipher.encrypt/2
. Encrypts a value using
AES in GCM mode
Link to this section Functions
Callback implementation for Cloak.Cipher.can_decrypt?/2
. Determines whether
this module can decrypt the given ciphertext.
Callback implementation for Cloak.Cipher.decrypt/2
. Decrypts a value
encrypted with AES in GCM mode.
Callback implementation for Cloak.Cipher.encrypt/2
. Encrypts a value using
AES in GCM mode.
Generates a random IV for every encryption, and prepends the key tag, IV, and ciphertag to the beginning of the ciphertext. The format can be diagrammed like this:
+----------------------------------------------------------+----------------------+
| HEADER | BODY |
+-------------------+---------------+----------------------+----------------------+
| Key Tag (n bytes) | IV (16 bytes) | Ciphertag (16 bytes) | Ciphertext (n bytes) |
+-------------------+---------------+----------------------+----------------------+
| |_________________________________
| |
+---------------+-----------------+-------------------+
| Type (1 byte) | Length (1 byte) | Key Tag (n bytes) |
+---------------+-----------------+-------------------+
The Key Tag
component of the header breaks down into a Type
, Length
,
and Value
triplet for easy decoding.
Important: Because a random IV is used for every encryption, encrypt/2
will not produce the same ciphertext twice for the same value.