module
JOSE::JWA::AES_CBC_HMAC
Overview
AES-CBC with HMAC authentication per RFC 7516 Appendix B.
Key layout: mac_key (first half) ‖ enc_key (second half)
tag = HMAC-SHA(mac_key, aad_len_be64 ‖ aad ‖ iv ‖ ciphertext)[0, tag_len]
Defined in:
jose/jwa/aes_cbc_hmac.cr
Class Method Summary
- .decrypt(key : Bytes, iv : Bytes, ciphertext : Bytes, tag : Bytes, aad : Bytes) : Bytes
  Decrypts ciphertext and verifies the HMAC tag.
- .encrypt(key : Bytes, iv : Bytes, plaintext : Bytes, aad : Bytes) : Tuple(Bytes, Bytes)
  Encrypts plaintext with key and iv, authenticating aad.
Class Method Detail
def self.decrypt(key : Bytes, iv : Bytes, ciphertext : Bytes, tag : Bytes, aad : Bytes) : Bytes
Decrypts ciphertext and verifies the HMAC tag.
Raises ArgumentError on tag mismatch.
def self.encrypt(key : Bytes, iv : Bytes, plaintext : Bytes, aad : Bytes) : Tuple(Bytes, Bytes)
Encrypts plaintext with key and iv, authenticating aad.
key is the composite key (MAC key ‖ ENC key): 32 bytes for
A128CBC-HS256, 48 for A192CBC-HS384, 64 for A256CBC-HS512.
iv must be 16 bytes (AES block size). aad is bound into the HMAC tag.
Returns {ciphertext, tag} where tag is the truncated HMAC output.
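The key split and tag check described above, as an added stand-alone sketch using only the Crystal standard library; it is not this module's source, and TagSketch and its method names are hypothetical. The MAC input order (AAD, IV, ciphertext, then the AAD length in bits as a 64-bit big-endian integer) follows RFC 7516 Appendix B and is an assumption about how this module arranges the fields listed in the overview.

```crystal
require "openssl"
require "openssl/hmac"
require "crypto/subtle"

# Added sketch: TagSketch and its method names are hypothetical, not the shard's API.
module TagSketch
  # Composite key length in bytes => HMAC hash used for the tag.
  ALGS = {
    32 => OpenSSL::Algorithm::SHA256, # A128CBC-HS256
    48 => OpenSSL::Algorithm::SHA384, # A192CBC-HS384
    64 => OpenSSL::Algorithm::SHA512, # A256CBC-HS512
  }

  # MAC key is the first half of the composite key, ENC key the second.
  def self.split(key : Bytes) : Tuple(Bytes, Bytes)
    raise ArgumentError.new("unsupported key length: #{key.size}") unless ALGS.has_key?(key.size)
    half = key.size // 2
    {key[0, half], key[half, half]}
  end

  # HMAC over AAD ‖ IV ‖ ciphertext ‖ AL, truncated to the MAC key length.
  def self.compute_tag(key : Bytes, iv : Bytes, ciphertext : Bytes, aad : Bytes) : Bytes
    mac_key, _enc_key = split(key)
    input = IO::Memory.new
    input.write(aad)
    input.write(iv)
    input.write(ciphertext)
    # AL: AAD length in bits as a 64-bit big-endian integer (RFC order, assumed here).
    input.write_bytes(aad.size.to_u64 * 8, IO::ByteFormat::BigEndian)
    OpenSSL::HMAC.digest(ALGS[key.size], mac_key, input.to_slice)[0, mac_key.size]
  end

  # Constant-time comparison; run this before any CBC decryption or unpadding.
  def self.valid?(key : Bytes, iv : Bytes, ciphertext : Bytes, given : Bytes, aad : Bytes) : Bool
    Crypto::Subtle.constant_time_compare(compute_tag(key, iv, ciphertext, aad), given)
  end
end

# Constructed sample values, not RFC test vectors.
key = Bytes.new(32) { |i| i.to_u8 }
iv = Bytes.new(16, 0x24_u8)
ciphertext = Bytes.new(32, 0x5a_u8) # stands in for real AES-CBC output
aad = "constructed-protected-header".to_slice
tag = TagSketch.compute_tag(key, iv, ciphertext, aad)
puts "tag bytes: #{tag.size}"
puts "untouched: #{TagSketch.valid?(key, iv, ciphertext, tag, aad)}"
puts "wrong aad: #{TagSketch.valid?(key, iv, ciphertext, tag, "other-header".to_slice)}"
ciphertext[0] ^= 1_u8 # flip one ciphertext bit
puts "tampered:  #{TagSketch.valid?(key, iv, ciphertext, tag, aad)}"
```

Checking the tag before touching the CBC layer keeps padding errors from becoming a separate, distinguishable failure path.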