aes-gcm | Standalone AES-GCM library | TLS library

I'm starting to implement AES-GCM on STM32H753 (rev V).

I've found an inconsistency between the HAL and the Ref Manual.

The STMicro HAL for AES for STM32H7x3 is setting some bits called NPBLB in CRYP_CR register if the product revision is above rev B.

But these bits are not documented in the ref manual rev 7.

Is it just an error of the HAL ?

I'm generating a key for encrypting data, then wrap it using a master key and store it alongside the encrypted data. All is well when wrapping into raw format, but when wrapping as jwk I get the error DOMException: Data provided to an operation does not meet requirements.

It works when specifying they key for being used either for encryption or for decryption, but not when both are specified as key usages.

I encrypt a text in Java and want to decrypt in Javascript and vice versa, my Java code looks like this

I'm looking for a complete JS crypto library: all SHAs, AEAD (chacha/poly, aes-gcm), all AESs, NIST and SECP P256 and ED25519 support, ECDSA, ECDH/E, etc.

It looks like the nodeJS crypto module has full support of everything I need, but it says it is a wrapper around OpenSSL.

Does this mean some functions may not work if a user does not have OpenSSL installed (or an outdated version)? I assume it does, but that is very unlike Node, so I want to be sure.

If so, are there are any "complete" libraries out there? libsodium, sjcl, and crypto-js are insufficient (I could piece together a sol'n from multiple libs if necessary).

We are implementing encryption at rest in Kubernetes by this tutorial (https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/) and we are absolutely not sure why AES-GCM encryption provider requires to rotate the key every 200K writes, because of lack of knowledge about how encryption works. Also, what exactly means: "200K writes", how can we define that we should rotate the key? Thank you

We have an Expo React Native Project utilizing encryption. Our current encryption is based on SubtleCrypto / Web API [window.subtle.crypto], using AES-GCM 128, now we need to use a library that is universally available on all platforms [Web, iOS and Android], from my previous question, we've found SJCL that supports GCM mode and we can completely replace all the web-only based code BUT the challenge is that we need to ensure that all the current encrypted data is decrypted at this new library too, we have to make it so:

window.crypto.subtle.encrypt [AES-GCM 128] => (a) ---> SJCL.mode.gcm.decrypt(a)

Once we can do that successfully, we can fully replace the library and have universal platform support as well as backwards compatibility.

This means that we cannot change the way encryption is handled at all, as that is the requirement, and we're encrypting it exactly as the code below.

I got a very good lead here by Neneil94 but I'm still facing issues at encoding / formats; and here's the current code:

I've Encrypted my text by a key in Client by AES-256-GCM algorithm and I can decrypt it in Client, But when I send it to the Backend which has a SharedKey(the same as the Client has), it can decrypt the message by AES-256-CTR algorithm(I used this algo because the AES-256-GCM in Nodejs needs authTag that I don't create it in Client and iv is the only thing I have).

When I decrypt the message on the Backend side, it works with no error, but the result is not what I encrypted in the Client

Here is what I wrote: Client:

I generate a pair public/private key on Client and send the publicKey to the Server and the backend will generate a sharedKey on its side and respond me a publicKey which help me to generate a sharedKey on the client too for encryption/decryption. So I encrypt a message by AES-256-GCM on Nodejs and decrypted the message on the Client.

Backend-Side:

I tried to search stackoverflow for an answer to this particular question but couldn't find a good answer.

The BouncyCastle API offers a ton of different encryption algorithms for .NET. In this case I have to select an encryption algorithm for the following use case:

1. Encrypting several thousand short strings for storage in an unencrypted file, typical length 10-30 characters.

2. Encryption needs to be only moderately secure, all strings will be encrypted with the same key but a different initialization vector. Things like authorization (like in AES-GCM) are not needed.

Which encryption algorithm is both fastest and straightforward to apply for encrypting and decrypting such a set of several thousand small strings? I will store the encrypted data of each string as BASE64 in the file.

Thank you for your advice!