Aes256gcm
AES-256-GCM authenticated encryption, detached tag variant.
Requires AES-NI hardware support: call isAvailable() before use, because libsodium will abort on CPUs without it. Uses a 12-byte nonce; always generate nonces from a strict counter so that no nonce is ever reused under the same key, and rotate the key before the counter reaches 2^32.
Summary
Functions
isAvailable
Aes256gcm.isAvailable() -> boolean
Returns true if the current CPU supports AES-NI hardware acceleration.
Returns
| boolean |
keygen
Aes256gcm.keygen() -> buffer
Generates a random 32-byte AES-256-GCM key via libsodium’s CSPRNG.
Returns
| buffer |
encrypt
Aes256gcm.encrypt(plaintext, key, nonce, ad) -> EncryptResult
Encrypts plaintext with key (32 bytes) and nonce (12 bytes).
Returns { cipher, tag } where cipher is the same length as plaintext and tag is 16 bytes.
Parameters
| plaintext: buffer | |
| key: buffer | |
| nonce: buffer | |
| ad: buffer? |
Returns
| EncryptResult |
decrypt
Aes256gcm.decrypt(cipher, tag, key, nonce, ad) -> buffer
Decrypts cipher using its detached tag, key (32 bytes), and nonce (12 bytes).
Returns the plaintext buffer; raises an error if the authentication tag does not verify.
Parameters
| cipher: buffer | |
| tag: buffer | |
| key: buffer | |
| nonce: buffer | |
| ad: buffer? |
Returns
| buffer |
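A counter-nonce wrapper that applies the guidance at the top of this page (availability check, strict counter, key rotation before 2^32), as an added example that is not part of the library or its documentation. It assumes the module is called from Luau and is passed in as `Aes256gcm`; `newSealer`, the `epoch` field and the nonce layout (8 zero bytes followed by a 32-bit counter) are hypothetical choices.

```luau
-- Added example, not library code. The module is passed in as `Aes256gcm`
-- because its require path is not given on this page (assumption).
local MAX_MESSAGES = 2 ^ 32 -- rotate the key before the counter reaches this

local function newSealer(Aes256gcm, limit)
	-- libsodium aborts the process on CPUs without AES-NI, so check first.
	assert(Aes256gcm.isAvailable(), "AES-NI not available; use a different AEAD")
	limit = limit or MAX_MESSAGES

	local key = Aes256gcm.keygen()
	local counter = 0 -- messages encrypted under the current key
	local epoch = 0 -- increments on every key rotation (hypothetical field)
	local sealer = {}

	-- 12-byte nonce: 8 zero bytes, then the counter as a little-endian u32.
	local function nonceFor(n)
		local nonce = buffer.create(12) -- buffer.create zero-fills
		buffer.writeu32(nonce, 8, n)
		return nonce
	end

	function sealer.seal(plaintext, ad)
		if counter >= limit then
			-- Counter space exhausted: never wrap around, switch keys instead.
			key = Aes256gcm.keygen()
			counter = 0
			epoch += 1
		end
		local nonce = nonceFor(counter)
		counter += 1 -- advance before returning so a nonce is never handed out twice
		local result = Aes256gcm.encrypt(plaintext, key, nonce, ad)
		return { epoch = epoch, nonce = nonce, cipher = result.cipher, tag = result.tag }
	end

	function sealer.open(msg, ad)
		-- Only the current key is retained here; older epochs cannot be opened.
		if msg.epoch ~= epoch then
			return nil, "unknown key epoch"
		end
		-- decrypt errors on a bad tag, so trap it instead of crashing the caller.
		local ok, plaintext = pcall(Aes256gcm.decrypt, msg.cipher, msg.tag, key, msg.nonce, ad)
		if not ok then
			return nil, "authentication failed"
		end
		return plaintext
	end

	return sealer
end
```

The same `ad` buffer (or nil) must be supplied to `open` as was given to `seal`; a mismatch surfaces as "authentication failed".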