Last modified Fri Sep 17 12:30:50 UTC 2021

<!DOCTYPE html>
<html lang="en">
	<meta http-equiv="Content-Type" content="text/html;charset=utf-8" /> 
	<meta name="viewport" content="width=device-width, initial-scale=1" />
	<title>What is AES-256-GCM | Safe Crypt App</title>
	<link rel="canonical" href="" />
	<link rel="stylesheet" href="../assets/css/info.css">
	<h1><span class="circle">i</span>&nbsp; What is AES-256-GCM?</h1> 
	<div class="hyphenate">


	<span class="ok">AES</span>, the Advanced Encryption Standard, 
 	is the current U.S. government standard for a
 	<em>symmetric-key encryption algorithm</em>.

	A&nbsp;symmetric-key algorithm, also known as a secret key algorithm,
	is a cryp&shy;togra&shy;phy algorithm that uses the same cryp&shy;togra&shy;phic key
	for both plaintext encryption and ciphertext decryption.

	AES has a block size of 128 bits and can have a key size of
	128, 192, or 256 bits.

	AES is defined in the U.S. 
	<a href="">
	Federal Information Processing Standard (FIPS) 197</a><span class="pdf">&nbsp;PDF</span><span class="linkout">*</span>
	and it is included in the ISO/IEC 18033-3 standard.

	It can be implemented in either software or hardware.

	Modern web browsers provide a low-level interface to cryp&shy;togra&shy;phy
	functions via the <a href="">
	W3C Web Cryp&shy;togra&shy;phy&nbsp;API</a><span class="linkout">*</span>.



	This <a href="../index.html">web app</a> uses a key size of <span class="ok">256</span> bits, which is currently considered
	strong enough to protect U.S. government sensitive and important data.
	In this app, the key is generated from a passphrase by running it through the
	<em>Password-Based Key Derivation Function&nbsp;2</em> (PBKDF2, defined in IETF's 
	<a href="">RFC 2898</a><span class="linkout">*</span>) one million times. 



	AES in <a href="">
	Galois/Counter Mode</a><span class="pdf">&nbsp;PDF</span><span class="linkout">*</span> or 
	<span class="ok">GCM</span> is an <em>authenticated encryption</em> algorithm
	(AEAD, authenticated encryption with associated data).
	It provides confidentiality and integrity protection by
	generating both the ciphertext and an authentication tag in a single pass.

	During decryption, the ciphertext and the authentication tag are passed 
	through the algorithm.

	If the calculated and expected authentication tags do not match, 
	decryption fails.

	Unlike the commonly used CBC mode, GCM is not susceptible to 
	<a href="">
	padding oracle attacks</a><span class="pdf">&nbsp;PDF</span><span class="linkout">*</span>.

	Nor has it the problems of ECB mode, which can 
	<a href="">
	reveal structures in the plaintext</a><span class="linkout">*</span>.


	The import or use of strong cryp&shy;togra&shy;phy methods, such as 256 bit AES, are banned in some countries.
	The list of these countries includes 
	Belarus, Brunei Darussalam, Iraq, Mongolia, Myanmar (Burma), North Korea, Russia,
	Tunisia, Turkmenistan, and Uzbekistan, but more countries might have been added
	or the situation might have changed in some of these countries.
	This is by no means a definitive list.
	Additionally, in some countries, a special license may be required.


	<div class="back"><a href="./index.html">BACK</a></div>