cloak v0.8.0 Cloak.Ciphers.AES.GCM View Source
A Cloak.Cipher which encrypts values with the AES cipher in GCM (block) mode.
Internally relies on Erlang’s :crypto.block_encrypt/4.
Link to this section Summary
Functions
Callback implementation for Cloak.Cipher.can_decrypt?/2. Determines whether
this module can decrypt the given ciphertext
Callback implementation for Cloak.Cipher.decrypt/2. Decrypts a value
encrypted with AES in GCM mode
Callback implementation for Cloak.Cipher.encrypt/2. Encrypts a value using
AES in GCM mode
Link to this section Functions
Callback implementation for Cloak.Cipher.can_decrypt?/2. Determines whether
this module can decrypt the given ciphertext.
Callback implementation for Cloak.Cipher.decrypt/2. Decrypts a value
encrypted with AES in GCM mode.
Callback implementation for Cloak.Cipher.encrypt/2. Encrypts a value using
AES in GCM mode.
Generates a random IV for every encryption, and prepends the key tag, IV, and ciphertag to the beginning of the ciphertext. The format can be diagrammed like this:
+----------------------------------------------------------+----------------------+
| HEADER | BODY |
+-------------------+---------------+----------------------+----------------------+
| Key Tag (n bytes) | IV (16 bytes) | Ciphertag (16 bytes) | Ciphertext (n bytes) |
+-------------------+---------------+----------------------+----------------------+
| |_________________________________
| |
+---------------+-----------------+-------------------+
| Type (1 byte) | Length (1 byte) | Key Tag (n bytes) |
+---------------+-----------------+-------------------+The Key Tag component of the header breaks down into a Type, Length,
and Value triplet for easy decoding.
Important: Because a random IV is used for every encryption, encrypt/2
will not produce the same ciphertext twice for the same value.