AES GCM Decryption - Mijick/AES-GCM-HKDF GitHub Wiki

Available Methods

This library provides three AES-GCM decryption methods, covering different levels of automation in key derivation and decryption.

| Method | Use Case |
| --- | --- |
| decrypt(privateKey: publicKey: derivationConfig: decryptionConfig:) | Generate a shared secret, derive a key, and decrypt data in one step. |
| decrypt(key: derivationConfig: decryptionConfig:) | Derive a key using HKDF, then decrypt the data. |
| decrypt(secret: configuration:) | Decrypt data using a pre-derived key. |

1️⃣ Configure

AES-GCM configuration

AES-GCM decryption needs a set of input parameters. Use the M_AES_GSM_Configuration model to supply them.

| Property | Type | Description |
| --- | --- | --- |
| message | Data | The ciphertext (for decryption). |
| iv | Data | The Initialization Vector (IV). |
| add | Data | Optional. Additional Authenticated Data (AAD). |
| tag | Data | Authentication Tag. |

Usage

let cipertext: Data
let iv: Data
let add: Data 
let tag: Data

let aesConfig = M_AES_GSM_Configuration(
    ciperText: cipertext,
    iv: iv,
    add: add,
    tag: tag
)

HKDF configuration

Take a look at HKDF configuration requirements here

2️⃣ AES-GCM+HKDF with key agreement

This method performs the full decryption process:

  1. Generates a shared secret using ECDH key agreement.
  2. Derives a key using HKDF.
  3. Decrypts data using AES-GCM.

func decrypt(privateKey: M_KeyProtocol, 
             publicKey: M_KeyProtocol, 
             derivationConfig: M_HKDF_Configuration, 
             aesConfig: M_AES_GSM_Configuration) throws -> Data

Usage

let privateKey = P256.KeyAgreement.PrivateKey()
let publicKey = privateKey.publicKey
let salt: Data
let info: Data
let cipertext: Data
let iv: Data
let add: Data
let tag: Data

let hkdfConfig = M_HKDF_Configuration(hashVariant: .sha256, salt: salt, info: info, length: 32)
let aesConfig = M_AES_GSM_Configuration(cipertext: cipertext, iv: iv, add: add, tag: tag)

let decryptedMessage = try M_AES_GCM_HKDF.decrypt(privateKey: privateKey, 
                                                  publicKey: publicKey, 
                                                  derivationConfig: hkdfConfig, 
                                                  aesConfig: aesConfig)
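
The three steps listed above, written directly against Apple CryptoKit as an added example; it is not code from this library and does not describe how the library is implemented. The helper names deriveKey and gcmOpen and all sample values (salt, info, AAD, plaintext) are constructed for illustration, and it assumes an Apple platform where CryptoKit is available.

```swift
import CryptoKit
import Foundation

// Steps 1 and 2: ECDH shared secret, then HKDF-SHA256 down to a 32-byte AES key.
func deriveKey(own: P256.KeyAgreement.PrivateKey, peer: P256.KeyAgreement.PublicKey,
               salt: Data, info: Data) throws -> SymmetricKey {
    let shared = try own.sharedSecretFromKeyAgreement(with: peer)
    return shared.hkdfDerivedSymmetricKey(using: SHA256.self, salt: salt,
                                          sharedInfo: info, outputByteCount: 32)
}

// Step 3: AES-GCM open. Throws unless the tag verifies over both ciphertext and AAD.
func gcmOpen(iv: Data, ciphertext: Data, tag: Data, aad: Data,
             key: SymmetricKey) throws -> Data {
    let box = try AES.GCM.SealedBox(nonce: AES.GCM.Nonce(data: iv),
                                    ciphertext: ciphertext, tag: tag)
    return try AES.GCM.open(box, using: key, authenticating: aad)
}

// Constructed sample values. Both sides must use identical salt, info and AAD.
let salt = Data("example-salt".utf8)
let info = Data("example-context".utf8)
let aad = Data("header-v1".utf8)
let senderKey = P256.KeyAgreement.PrivateKey()
let receiverKey = P256.KeyAgreement.PrivateKey()

// Sender side, present only to produce input for the receiver.
let sendKey = try deriveKey(own: senderKey, peer: receiverKey.publicKey,
                            salt: salt, info: info)
let sealed = try AES.GCM.seal(Data("hello".utf8), using: sendKey, authenticating: aad)
let iv = Data(sealed.nonce)

// Receiver side: own private key plus the sender's public key.
let recvKey = try deriveKey(own: receiverKey, peer: senderKey.publicKey,
                            salt: salt, info: info)
let plaintext = try gcmOpen(iv: iv, ciphertext: sealed.ciphertext, tag: sealed.tag,
                            aad: aad, key: recvKey)
print(String(decoding: plaintext, as: UTF8.self))

// Changed AAD: authentication fails and no plaintext is released.
do {
    _ = try gcmOpen(iv: iv, ciphertext: sealed.ciphertext, tag: sealed.tag,
                    aad: Data("header-v2".utf8), key: recvKey)
} catch CryptoKitError.authenticationFailure {
    print("rejected: authentication tag did not verify")
}
```

A thrown error from the decrypt step means the ciphertext, tag, IV, AAD or key did not match; treat it as a rejected message rather than retrying with altered inputs.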

3️⃣ AES-GCM+HKDF using key bytes

This method derives a key from the supplied key bytes using HKDF, then decrypts the data.

func decrypt(key: Data, derivationConfig: M_HKDF_Configuration, aesConfig: M_AES_GSM_Configuration) throws -> Data

Usage

let key: Data
let salt: Data
let info: Data
let cipertext: Data
let iv: Data
let add: Data
let tag: Data

let hkdfConfig = M_HKDF_Configuration(hashVariant: .sha256, salt: salt, info: info, length: 32)
let aesConfig = M_AES_GSM_Configuration(cipertext: cipertext, iv: iv, add: add, tag: tag)

let decryptedMessage = try M_AES_GCM_HKDF.decrypt(key: key, 
                                                  derivationConfig: hkdfConfig, 
                                                  aesConfig: aesConfig)

4️⃣ AES-GCM using secret

This method decrypts data when you already have a symmetric key.

func decrypt(secret: Data, configuration: M_AES_GSM_Configuration) throws -> Data

Usage

let secret: Data
let cipertext: Data
let iv: Data
let add: Data
let tag: Data

let config = M_AES_GSM_Configuration(cipertext: cipertext, iv: iv, add: add, tag: tag)

let decryptedMessage = try M_AES_GCM_HKDF.decrypt(secret: secret, configuration: config)