Class AesGcmAlgorithm

The AesGcmAlgorithm class provides a concrete implementation for cryptographic operations using the AES algorithm in Galois/Counter Mode (GCM). This class implements both Cipher and KeyGenerator interfaces, providing key generation, encryption, and decryption features.

This class is typically accessed through implementations that extend the CryptoApi interface.

Hierarchy (view full)

Implements

Constructors

constructor

Methods

decrypt encrypt generateKey

Constructors

constructor

Methods

decrypt

  • decrypt(params): Promise<Uint8Array>

  • Decrypts the provided data using AES-GCM.

    Parameters

    Returns Promise<Uint8Array>

    A Promise that resolves to the decrypted data as a Uint8Array.

    Remarks

    This method performs AES-GCM decryption on the given encrypted data using the specified key. It requires an initialization vector (IV), the encrypted data along with the decryption key, and optionally, additional authenticated data (AAD). The method returns the decrypted data as a Uint8Array. The optional tagLength parameter specifies the size in bits of the authentication tag used when encrypting the data. If not specified, the default tag length of 128 bits is used.

    Example

    const aesGcm = new AesGcmAlgorithm();
    const encryptedData = new Uint8Array([...]); // Encrypted data
    const iv = new Uint8Array([...]); // Initialization vector used during encryption
    const additionalData = new Uint8Array([...]); // Optional additional authenticated data
    const key = { ... }; // A Jwk object representing the AES key
    const decryptedData = await aesGcm.decrypt({
      data: encryptedData,
      iv,
      additionalData,
      key,
      tagLength: 128 // Optional tag length in bits
    });

encrypt

  • encrypt(params): Promise<Uint8Array>

  • Encrypts the provided data using AES-GCM.

    Parameters

    Returns Promise<Uint8Array>

    A Promise that resolves to the encrypted data as a Uint8Array.

    Remarks

    This method performs AES-GCM encryption on the given data using the specified key. It requires an initialization vector (IV), the encrypted data along with the decryption key, and optionally, additional authenticated data (AAD). The method returns the encrypted data as a Uint8Array. The optional tagLength parameter specifies the size in bits of the authentication tag generated in the encryption operation and used for authentication in the corresponding decryption. If not specified, the default tag length of 128 bits is used.

    Example

    const aesGcm = new AesGcmAlgorithm();
    const data = new TextEncoder().encode('Messsage');
    const iv = new Uint8Array([...]); // Initialization vector
    const additionalData = new Uint8Array([...]); // Optional additional authenticated data
    const key = { ... }; // A Jwk object representing an AES key
    const encryptedData = await aesGcm.encrypt({
      data,
      iv,
      additionalData,
      key,
      tagLength: 128 // Optional tag length in bits
    });

generateKey

  • generateKey(params): Promise<Jwk>

  • Generates a symmetric key for AES in Galois/Counter Mode (GCM) in JSON Web Key (JWK) format.

    Parameters

    Returns Promise<Jwk>

    A Promise that resolves to the generated symmetric key in JWK format.

    Remarks

    This method generates a symmetric AES key for use in GCM mode, based on the specified algorithm parameter which determines the key length. It uses cryptographically secure random number generation to ensure the uniqueness and security of the key. The key is returned in JWK format.

    The generated key includes the following components:

    • kty: Key Type, set to 'oct' for Octet Sequence.
    • k: The symmetric key component, base64url-encoded.
    • kid: Key ID, generated based on the JWK thumbprint.

    Example

    const aesGcm = new AesGcmAlgorithm();
    const privateKey = await aesGcm.generateKey({ algorithm: 'A256GCM' });

Settings

Member Visibility

Theme

On This Page

constructordecryptencryptgenerateKey