Filippo Valsorda :go: on Nostr: Last year I wrote that “I want to use XAES-256-GCM, which has a number of nice ...
Last year I wrote that “I want to use XAES-256-GCM, which has a number of nice properties and only the annoying defect of not existing.” Well, here we go.
A new extended-nonce AEAD designed for high-level APIs with random nonces and FIPS 140 compliance.
It's easy to describe and implement at a low level, but can be described at a high level as using a NIST KDF.
Complete with a C2SP spec, extensive test vectors, Go and OpenSSL reference code, and an alternatives section.
https://words.filippo.io/xaes-256-gcm/?source=Mastodon
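An added example, not the post's reference code and not the C2SP project's own: a stand-alone Go implementation of the XAES-256-GCM construction, showing what "described at a high level as using a NIST KDF" means in practice. The 32-byte key and 24-byte nonce are fed through a NIST SP 800-108 KDF in counter mode with AES-CMAC as the PRF to derive a per-message AES-256 key, and the remaining 12 nonce bytes drive ordinary AES-256-GCM from the standard library. The exact KDF input layout (16-bit counter, label "X", 0x00 separator, first 12 nonce bytes as context) is the spec's as understood here and is an assumption to confirm against the spec's published test vectors; the key bytes and strings in `main` are constructed demo values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

const (
	KeySize   = 32 // AES-256 key
	NonceSize = 24 // 96-bit KDF context || 96-bit AES-GCM nonce
)

// cmacK1 returns the first AES-CMAC subkey K1 = dbl(AES_K(0^128)) (RFC 4493).
func cmacK1(block cipher.Block) [16]byte {
	var l, k1 [16]byte
	block.Encrypt(l[:], l[:])
	var carry byte
	for i := len(l) - 1; i >= 0; i-- {
		k1[i] = l[i]<<1 | carry
		carry = l[i] >> 7
	}
	if carry != 0 {
		k1[15] ^= 0x87 // reduction modulo the GF(2^128) polynomial
	}
	return k1
}

// DeriveKey is the XAES-256-GCM subkey derivation (assumed layout, see lead-in):
// SP 800-108 counter-mode KDF with AES-CMAC. Each block
//   M_i = 0x00 || i || "X" || 0x00 || N[:12]
// is exactly 16 bytes, so CMAC collapses to AES_K(M_i XOR K1): one key
// schedule and three block calls for the whole derivation.
func DeriveKey(key, nonce []byte) ([]byte, error) {
	if len(key) != KeySize {
		return nil, errors.New("xaes-256-gcm: key must be 32 bytes")
	}
	if len(nonce) != NonceSize {
		return nil, errors.New("xaes-256-gcm: nonce must be 24 bytes")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	k1 := cmacK1(block)
	kx := make([]byte, KeySize)
	for i := 0; i < 2; i++ {
		var m [16]byte
		m[1] = byte(i + 1)      // counter, big-endian 16-bit; m[0] stays 0x00
		m[2] = 'X'              // label; m[3] is the 0x00 separator
		copy(m[4:], nonce[:12]) // context: first half of the nonce
		for j := range m {
			m[j] ^= k1[j]
		}
		block.Encrypt(kx[16*i:16*(i+1)], m[:])
	}
	return kx, nil
}

// gcmFor builds plain AES-256-GCM under the derived key, which is why the
// construction inherits the FIPS status of its components.
func gcmFor(key, nonce []byte) (cipher.AEAD, error) {
	kx, err := DeriveKey(key, nonce)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(kx)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts with a 24-byte nonce; its second half is the GCM nonce.
func Seal(key, nonce, plaintext, aad []byte) ([]byte, error) {
	aead, err := gcmFor(key, nonce)
	if err != nil {
		return nil, err
	}
	return aead.Seal(nil, nonce[12:], plaintext, aad), nil
}

// Open authenticates then decrypts; any change to ciphertext, tag, nonce or
// AAD yields an error and no plaintext.
func Open(key, nonce, ciphertext, aad []byte) ([]byte, error) {
	aead, err := gcmFor(key, nonce)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, nonce[12:], ciphertext, aad)
}

// NewNonce draws a random 192-bit nonce: large enough that random generation
// per message is safe, which is the whole point over 96-bit GCM nonces.
func NewNonce() ([]byte, error) {
	nonce := make([]byte, NonceSize)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return nonce, nil
}

func main() {
	key := bytes.Repeat([]byte{0x01}, KeySize) // constructed demo key only
	nonce, err := NewNonce()
	if err != nil {
		panic(err)
	}
	aad := []byte("c2sp.org/XAES-256-GCM")
	ct, err := Seal(key, nonce, []byte("XAES-256-GCM"), aad)
	if err != nil {
		panic(err)
	}
	pt, err := Open(key, nonce, ct, aad)
	if err != nil {
		panic(err)
	}
	fmt.Printf("nonce %x\nciphertext %x\nplaintext %q\n", nonce, ct, pt)
}
```

Before relying on an implementation like this, run it against the spec's test vectors: a wrong byte anywhere in the KDF block layout still round-trips cleanly, so only the published vectors catch it. Note that the design changes nothing below the KDF, which is what lets it reuse an existing validated AES-GCM.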