GCM is considered a safe and efficient mode of operation and is a very popular choice for authenticated encryption.
Beyond providing authenticated encryption it offers no further security advantage over the other modes (as long as every mode of operation is configured as per best practice).
GCM is used in many SSL/TLS cipher suites, including TLS_AES_128_GCM_SHA256, the mandatory-to-implement suite of TLS 1.3. It has various other applications as listed on this
Because GCM is a counter mode, a cipher object keeps counter state across calls. It would therefore be a mistake to encrypt 20 strings using one instance of the Crypt2 object and then attempt to decrypt with the same Crypt2 object. To decrypt successfully, the app would need to instantiate a new Crypt2 object (or otherwise reset it to the IV the encryption started from) and then decrypt, so that the counters match.
Secure when implemented correctly; encryption and decryption can be parallelised (each block uses an independent counter value), and authentication of both the ciphertext and any additional data is built in.
Not many, but the ones that exist are serious. It is complicated to implement, and a mistake is catastrophic rather than merely weakening: reusing a nonce (IV) under the same key leaks the XOR of the two plaintexts and allows an attacker to recover the authentication subkey and forge messages. With random 96-bit nonces, no more than about 2^32 messages should be encrypted under one key (NIST SP 800-38D).
DO NOT roll your own Crypto! Use standard services and libraries.
It is NOT advisable under any circumstances to develop any sort of cryptography on your own. Instead, there are several standard libraries that can be used.
These libraries offer better stability because they are usually the product of many years of experience by an active development community dedicated to implementing cryptography correctly. They are therefore considered reliable and robust.
OpenSSL is one such library; it is popular and is therefore used as the example for this concept.
OpenSSL is not the only available crypto library. For a list of different libraries and a comparison
between them, visit here
The recommended version of OpenSSL is the latest release of a supported branch. At the time of writing that was 1.1.1; the changes in that series include the addition of newer standards (TLS 1.3 among them) and the removal of older, vulnerable ones. Note that 1.1.1 reached end of life in September 2023, so current deployments should use a supported 3.x release.
Usage of Cryptography in Programming Languages
It is again advised not to roll your own cryptography while developing software. There are popular libraries in almost all programming
languages that can readily be used to perform cryptographic operations.
There are multiple libraries that support AES in GCM mode. Some of them are:
- PyCrypto – the original Python Cryptography Toolkit; it is no longer maintained and never supported GCM, so use its maintained fork PyCryptodome, which does
- keyczar – Google's Cryptography Toolkit keyczar (now deprecated in favour of Tink)
- M2Crypto – the most complete OpenSSL wrapper for Python
- cryptography – Python library which exposes cryptographic recipes and primitives
- PyNaCl – Python binding for libsodium (NaCl)
cryptography is a popular library, and here is a basic example of how it works. The snippet in its documentation uses the AESCCM class; it is shown here with AESGCM, which has the same interface but takes a 96-bit nonce, to match the mode this page is about:
>>> import os
>>> from cryptography.hazmat.primitives.ciphers.aead import AESGCM
>>> data = b"a secret message"
>>> aad = b"authenticated but unencrypted data"
>>> key = AESGCM.generate_key(bit_length=128)   # 128, 192 or 256; keep it secret
>>> aesgcm = AESGCM(key)
>>> nonce = os.urandom(12)                       # 96-bit nonce; never reuse one under the same key
>>> ct = aesgcm.encrypt(nonce, data, aad)        # returns ciphertext || 16-byte tag
>>> aesgcm.decrypt(nonce, ct, aad)               # raises cryptography.exceptions.InvalidTag if ct, nonce or aad were altered
b'a secret message'
Some of the popular libraries in Java:
- Java Cryptography Extension (JCE), integrated in the Java Runtime Environment since version 1.4.2; the GCMParameterSpec class used below exists since Java 7
- IAIK JCE
- Bouncy Castle Crypto Library
An example from the Java Cryptography Extension:
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.security.SecureRandom;

public class GcmExample {
    public static void main(String[] args) throws Exception {
        // The "..." placeholders of the original snippet are filled in so that it compiles and runs.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey myKey = kg.generateKey();                 // in practice: loaded from a key store or KMS
        byte[] myAAD = "header".getBytes("UTF-8");          // authenticated but not encrypted
        byte[] plainText = "a secret message".getBytes("UTF-8");
        int myTLen = 128;                                   // tag length in bits; always use the full 128
        byte[] myIv = new byte[12];                         // 96-bit IV as recommended by NIST SP 800-38D
        new SecureRandom().nextBytes(myIv);                 // fresh random IV for every message
        GCMParameterSpec myParams = new GCMParameterSpec(myTLen, myIv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, myKey, myParams);
        // AAD is optional; if present, it must be supplied before any update/doFinal calls.
        c.updateAAD(myAAD); // if AAD is non-null
        byte[] cipherText = new byte[c.getOutputSize(plainText.length)];
        // conclusion of encryption operation; the output is ciphertext followed by the tag
        int actualOutputLen = c.doFinal(plainText, 0, plainText.length, cipherText);
        // To decrypt, the same key, AAD and GCM parameters must be supplied
        c.init(Cipher.DECRYPT_MODE, myKey, myParams);
        c.updateAAD(myAAD); // without this the tag check fails, since the AAD was authenticated at encryption
        byte[] recoveredText = c.doFinal(cipherText, 0, actualOutputLen); // throws AEADBadTagException if anything was modified
        System.out.println(new String(recoveredText, "UTF-8"));
        // MUST CHANGE IV VALUE if the same key is used again for encryption
        // (SunJCE refuses to re-initialise ENCRYPT_MODE with the same key and IV)
        byte[] newIv = new byte[12];
        new SecureRandom().nextBytes(newIv);
        myParams = new GCMParameterSpec(myTLen, newIv);
    }
}
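The two rules stated above, that a modified message must be rejected and that an IV must never be reused under the same key (the "MUST CHANGE IV VALUE" comment at the end of the Java snippet, and the nonce-reuse disadvantage listed near the top of the page), demonstrated end to end. This is an added example, not code from the page or from any of the libraries it lists; it uses Go's standard-library crypto/aes and crypto/cipher because they need no third-party dependency, so it runs as-is. The key, nonce, AAD and messages are constructed test values (a real application never hard-codes a key or fixes a nonce). It goes slightly beyond the page in that it also recovers a second plaintext from a nonce-reuse pair using nothing but the first plaintext, which is why the rule exists.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// newGCM wraps an AES key in a GCM AEAD (12-byte nonce, 16-byte tag).
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts plaintext under a fresh random 96-bit nonce and authenticates
// aad alongside it. Output layout: nonce || ciphertext || tag. The nonce is
// not secret, so shipping it with the message is normal practice.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal appends to its first argument, so the nonce becomes the prefix.
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// open splits off the nonce and verifies the tag before releasing any
// plaintext. A change to nonce, ciphertext, tag or aad makes it fail.
func open(key, msg, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(msg) < ns+gcm.Overhead() {
		return nil, errors.New("message too short to hold nonce and tag")
	}
	return gcm.Open(nil, msg[:ns], msg[ns:], aad)
}

// tamperDetected flips one bit of the first ciphertext byte (just past the
// 12-byte nonce) and reports whether open rejects the result.
func tamperDetected(key, msg, aad []byte) bool {
	if len(msg) <= 12 {
		return false
	}
	bad := append([]byte(nil), msg...)
	bad[12] ^= 0x01
	_, err := open(key, bad, aad)
	return err != nil
}

// sealWithNonce is the misuse case: the caller picks the nonce. Calling it
// twice with the same key and nonce is exactly what "MUST CHANGE IV VALUE" forbids.
func sealWithNonce(key, nonce, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Seal(nil, nonce, plaintext, aad), nil
}

// recoverFromNonceReuse shows why that misuse is catastrophic. GCM encrypts in
// CTR mode, so two messages under one (key, nonce) pair share a keystream and
// ct1 XOR ct2 == pt1 XOR pt2; knowing pt1 yields pt2 with no key at all. Only
// the overlapping length is recovered; the trailing 16-byte tags are skipped.
func recoverFromNonceReuse(ct1, pt1, ct2 []byte) []byte {
	n := len(pt1)
	if len(ct2)-16 < n {
		n = len(ct2) - 16
	}
	if n <= 0 || len(ct1) < n {
		return nil
	}
	out := make([]byte, n)
	for i := 0; i < n; i++ {
		out[i] = ct1[i] ^ pt1[i] ^ ct2[i]
	}
	return out
}

func main() {
	key := []byte("0123456789abcdef") // constructed 128-bit demo key; never hard-code a real one
	aad := []byte("msg-id:42")        // header bound to the ciphertext but sent in the clear
	msg, err := seal(key, []byte("attack at dawn"), aad)
	if err != nil {
		panic(err)
	}
	pt, err := open(key, msg, aad)
	fmt.Printf("round trip: %q (err=%v)\n", pt, err)
	fmt.Println("bit flip rejected:", tamperDetected(key, msg, aad))
	_, err = open(key, msg, []byte("msg-id:43"))
	fmt.Println("wrong AAD rejected:", err != nil)
	// Nonce reuse: same key, same 12-byte nonce (constructed, reused on purpose), two messages.
	nonce := []byte("fixed-nonce!")
	pt1 := []byte("The first message is known to the attacker")
	pt2 := []byte("The second one is supposed to stay secret")
	ct1, _ := sealWithNonce(key, nonce, pt1, nil)
	ct2, _ := sealWithNonce(key, nonce, pt2, nil)
	fmt.Printf("recovered without the key: %q\n", recoverFromNonceReuse(ct1, pt1, ct2))
}
```

The seal/open pair is the shape to copy: the nonce is generated inside the function so callers cannot reuse one, it travels with the ciphertext, and open returns nothing at all unless the tag verifies over nonce, ciphertext and AAD. The same property holds for the Java and Python code above, where the library raises AEADBadTagException or InvalidTag instead of returning an error value.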