Symmetric ciphers
@webbuf/aesgcm
Rust/wasm optimized AES-GCM authenticated encryption
Install
npm install @webbuf/aesgcmUsage
import { aesgcmEncrypt, aesgcmDecrypt } from "@webbuf/aesgcm";
import { WebBuf } from "@webbuf/webbuf";
import { FixedBuf } from "@webbuf/fixedbuf";
const key = FixedBuf.fromRandom<32>(32); // AES-256
const plaintext = WebBuf.fromUtf8("Hello, AES-GCM!");
// Encrypt (nonce generated automatically)
const ciphertext = aesgcmEncrypt(plaintext, key);
// Decrypt (nonce extracted from ciphertext)
const decrypted = aesgcmDecrypt(ciphertext, key);
console.log(decrypted.toUtf8()); // "Hello, AES-GCM!"API reference (2 exports)
Functions
aesgcmDecrypt
functionAES-GCM authenticated decryption. Expects input layout `iv (12) || ciphertext || tag (16)` (the format produced by `aesgcmEncrypt`). The `aad` parameter must match the AAD supplied at encryption time, or AES-GCM authentication fails and this function throws. Empty AAD is the default.
aesgcmDecrypt(ciphertext: WebBuf, aesKey: FixedBuf<16> | FixedBuf<32>, aad?: WebBuf): WebBufaesgcmEncrypt
functionAES-GCM authenticated encryption. `aad` is optional Additional Authenticated Data — bytes that are authenticated by the AES-GCM tag but not encrypted and not transmitted in the output. The recipient must supply the same `aad` bytes the sender used; any mismatch causes `aesgcmDecrypt` to throw. Empty AAD is the default and produces output identical to AES-GCM with no AAD. Returns `iv (12 bytes) || ciphertext || tag (16 bytes)`.
aesgcmEncrypt(plaintext: WebBuf, aesKey: FixedBuf<16> | FixedBuf<32>, iv?: FixedBuf<12>, aad?: WebBuf): WebBuf