AES-GCM

Definition

AES-GCM (Advanced Encryption Standard in Galois/Counter Mode) is a symmetric encryption algorithm that combines the AES block cipher with Galois/Counter Mode to provide both data confidentiality and integrity. It is widely used for its efficiency and performance, and it offers authenticated encryption with associated data (AEAD): both the encrypted data and any additional authenticated data are protected against tampering.

Secure Settings Example

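from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend
import os

# Secure key and nonce generation.
# The key comes from the OS CSPRNG; a key derived from a password would need a
# proper KDF instead of being used directly.
key = os.urandom(32)  # 256-bit key for AES-256
# GCM's security collapses if a (key, nonce) pair is ever reused: a repeated
# nonce leaks the XOR of the two plaintexts and allows authentication-tag
# forgery. A fresh random 96-bit nonce per message is the standard choice.
nonce = os.urandom(12)  # 96-bit nonce for GCM

# AES-GCM encryption. The backend= argument is optional on cryptography >= 3.1
# and is kept here only for compatibility with older releases.
cipher = Cipher(algorithms.AES(key), modes.GCM(nonce), backend=default_backend())
encryptor = cipher.encryptor()

# Associated data: authenticated but not encrypted (e.g. a header). It must be
# fed in before any plaintext, and the receiver must supply identical bytes.
associated_data = b"header"
encryptor.authenticate_additional_data(associated_data)

# Encrypt data
plaintext = b"Sensitive data"
ciphertext = encryptor.update(plaintext) + encryptor.finalize()

# Authentication tag (16 bytes by default); only available after finalize().
tag = encryptor.tag

# The receiver needs the nonce, the ciphertext and the tag (none of them is
# secret) plus the same associated data, so store or transmit them together.
message = nonce + ciphertext + tag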

Insecure Settings Example

from Crypto.Cipher import AES
import os

# Insecure key and nonce generation.
# b'weakkey' is 7 bytes, which is not a valid AES key length (16/24/32 bytes);
# PyCryptodome raises ValueError for it. A hard-coded key of valid length would
# run but be just as weak: anyone who reads the source can decrypt the data.
# (os is imported but never used, so no randomness enters this example.)
key = b'weakkey'  # Weak key, not using os.urandom
# A fixed nonce means every message under this key repeats the (key, nonce)
# pair; in GCM that leaks the XOR of plaintexts and enables tag forgery. It is
# also only 64 bits instead of the standard 96-bit nonce.
nonce = b'12345678'  # Short and predictable nonce

# AES-GCM encryption with the weak parameters above
cipher = AES.new(key, AES.MODE_GCM, nonce=nonce)

# Encrypt data
plaintext = b"Sensitive data"
# encrypt_and_digest returns (ciphertext, tag); the tag is worthless here
# because the fixed nonce lets an attacker forge it after seeing two messages.
ciphertext, tag = cipher.encrypt_and_digest(plaintext)