Class AesGcm

The AesGcm class provides a comprehensive set of utilities for cryptographic operations using the Advanced Encryption Standard (AES) in Galois/Counter Mode (GCM). This class includes methods for key generation, encryption, decryption, and conversions between raw byte arrays and JSON Web Key (JWK) formats. It is designed to support AES-GCM, a symmetric key algorithm that is widely used for its efficiency, security, and provision of authenticated encryption.

AES-GCM is particularly favored for scenarios that require both confidentiality and integrity of data. It integrates the counter mode of encryption with the Galois mode of authentication, offering high performance and parallel processing capabilities.

Key Features:

  • Key Generation: Generate AES symmetric keys in JWK format.
  • Key Conversion: Transform keys between raw byte arrays and JWK formats.
  • Encryption: Encrypt data using AES-GCM with the provided symmetric key.
  • Decryption: Decrypt data encrypted with AES-GCM using the corresponding symmetric key.

The methods in this class are asynchronous, returning Promises to accommodate various JavaScript environments.

Example

// Key Generation
const length = 256; // Length of the key in bits (e.g., 128, 192, 256)
const privateKey = await AesGcm.generateKey({ length });

// Encryption
const data = new TextEncoder().encode('Messsage');
const iv = new Uint8Array(12); // 12-byte initialization vector
const encryptedData = await AesGcm.encrypt({
  data,
  iv,
  key: privateKey
});

// Decryption
const decryptedData = await AesGcm.decrypt({
  data: encryptedData,
  iv,
  key: privateKey
});

// Key Conversion
const privateKeyBytes = await AesGcm.privateKeyToBytes({ privateKey });

Constructors

constructor

Methods

bytesToPrivateKey decrypt encrypt generateKey privateKeyToBytes

Constructors

constructor

Methods

Static bytesToPrivateKey

  • bytesToPrivateKey(params): Promise<Jwk>

  • Converts a raw private key in bytes to its corresponding JSON Web Key (JWK) format.

    Parameters

    • params: {
          privateKeyBytes: Uint8Array;
      }

      The parameters for the symmetric key conversion.

      • privateKeyBytes: Uint8Array

        The raw symmetric key as a Uint8Array.

    Returns Promise<Jwk>

    A Promise that resolves to the symmetric key in JWK format.

    Remarks

    This method accepts a symmetric key represented as a byte array (Uint8Array) and converts it into a JWK object for use with AES-GCM (Advanced Encryption Standard - Galois/Counter Mode). The conversion process involves encoding the key into base64url format and setting the appropriate JWK parameters.

    The resulting JWK object includes the following properties:

    • kty: Key Type, set to 'oct' for Octet Sequence (representing a symmetric key).
    • k: The symmetric key, base64url-encoded.
    • kid: Key ID, generated based on the JWK thumbprint.

    Example

    const privateKeyBytes = new Uint8Array([...]); // Replace with actual symmetric key bytes
    const privateKey = await AesGcm.bytesToPrivateKey({ privateKeyBytes });

Static decrypt

  • decrypt(params): Promise<Uint8Array>

  • Decrypts the provided data using AES-GCM.

    Parameters

    • params: {
          additionalData?: Uint8Array;
          data: Uint8Array;
          iv: Uint8Array;
          key: Jwk;
          tagLength?: 96 | 104 | 112 | 120 | 128;
      }

      The parameters for the decryption operation.

      • Optional additionalData?: Uint8Array

        Optional additional authenticated data. Optional.

      • data: Uint8Array

        The encrypted data to decrypt, represented as a Uint8Array.

      • iv: Uint8Array

        The initialization vector, represented as a Uint8Array.

      • key: Jwk

        The key to use for decryption, represented in JWK format.

      • Optional tagLength?: 96 | 104 | 112 | 120 | 128

        The length of the authentication tag in bits. Optional.

    Returns Promise<Uint8Array>

    A Promise that resolves to the decrypted data as a Uint8Array.

    Remarks

    This method performs AES-GCM decryption on the given encrypted data using the specified key. It requires an initialization vector (IV), the encrypted data along with the decryption key, and optionally, additional authenticated data (AAD). The method returns the decrypted data as a Uint8Array. The optional tagLength parameter specifies the size in bits of the authentication tag used when encrypting the data. If not specified, the default tag length of 128 bits is used.

    Example

    const encryptedData = new Uint8Array([...]); // Encrypted data
    const iv = new Uint8Array([...]); // Initialization vector used during encryption
    const additionalData = new Uint8Array([...]); // Optional additional authenticated data
    const key = { ... }; // A Jwk object representing the AES key
    const decryptedData = await AesGcm.decrypt({
      data: encryptedData,
      iv,
      additionalData,
      key,
      tagLength: 128 // Optional tag length in bits
    });

Static encrypt

  • encrypt(params): Promise<Uint8Array>

  • Encrypts the provided data using AES-GCM.

    Parameters

    • params: {
          additionalData?: Uint8Array;
          data: Uint8Array;
          iv: Uint8Array;
          key: Jwk;
          tagLength?: 96 | 104 | 112 | 120 | 128;
      }

      The parameters for the encryption operation.

      • Optional additionalData?: Uint8Array

        Optional additional authenticated data. Optional.

      • data: Uint8Array

        The data to encrypt, represented as a Uint8Array.

      • iv: Uint8Array

        The initialization vector, represented as a Uint8Array.

      • key: Jwk

        The key to use for encryption, represented in JWK format.

      • Optional tagLength?: 96 | 104 | 112 | 120 | 128

        The length of the authentication tag in bits. Optional.

    Returns Promise<Uint8Array>

    A Promise that resolves to the encrypted data as a Uint8Array.

    Remarks

    This method performs AES-GCM encryption on the given data using the specified key. It requires an initialization vector (IV), the encrypted data along with the decryption key, and optionally, additional authenticated data (AAD). The method returns the encrypted data as a Uint8Array. The optional tagLength parameter specifies the size in bits of the authentication tag generated in the encryption operation and used for authentication in the corresponding decryption. If not specified, the default tag length of 128 bits is used.

    Example

    const data = new TextEncoder().encode('Messsage');
    const iv = new Uint8Array([...]); // Initialization vector
    const additionalData = new Uint8Array([...]); // Optional additional authenticated data
    const key = { ... }; // A Jwk object representing an AES key
    const encryptedData = await AesGcm.encrypt({
      data,
      iv,
      additionalData,
      key,
      tagLength: 128 // Optional tag length in bits
    });

Static generateKey

  • generateKey(params): Promise<Jwk>

  • Generates a symmetric key for AES in Galois/Counter Mode (GCM) in JSON Web Key (JWK) format.

    Parameters

    • params: {
          length: 128 | 192 | 256;
      }

      The parameters for the key generation.

      • length: 128 | 192 | 256

        The length of the key in bits. Common lengths are 128, 192, and 256 bits.

    Returns Promise<Jwk>

    A Promise that resolves to the generated symmetric key in JWK format.

    Remarks

    This method creates a new symmetric key of a specified length suitable for use with AES-GCM encryption. It leverages cryptographically secure random number generation to ensure the uniqueness and security of the key. The generated key adheres to the JWK format, facilitating compatibility with common cryptographic standards and ease of use in various cryptographic applications.

    The generated key includes these components:

    • kty: Key Type, set to 'oct' for Octet Sequence, indicating a symmetric key.
    • k: The symmetric key component, base64url-encoded.
    • kid: Key ID, generated based on the JWK thumbprint, providing a unique identifier.

    Example

    const length = 256; // Length of the key in bits (e.g., 128, 192, 256)
    const privateKey = await AesGcm.generateKey({ length });

Static privateKeyToBytes

  • privateKeyToBytes(params): Promise<Uint8Array>

  • Converts a private key from JSON Web Key (JWK) format to a raw byte array (Uint8Array).

    Parameters

    • params: {
          privateKey: Jwk;
      }

      The parameters for the symmetric key conversion.

      • privateKey: Jwk

        The symmetric key in JWK format.

    Returns Promise<Uint8Array>

    A Promise that resolves to the symmetric key as a Uint8Array.

    Remarks

    This method takes a symmetric key in JWK format and extracts its raw byte representation. It focuses on the 'k' parameter of the JWK, which represents the symmetric key component in base64url encoding. The method decodes this value into a byte array, providing the symmetric key in its raw binary form.

    Example

    const privateKey = { ... }; // A symmetric key in JWK format
    const privateKeyBytes = await AesGcm.privateKeyToBytes({ privateKey });

Settings

Member Visibility

Theme

On This Page

constructorbytesToPrivateKeydecryptencryptgenerateKeyprivateKeyToBytes