Class Aead
The Aead class provides authenticated encryption with associated data. This class provides a high-level interface to Miscreant's misuse-resistant encryption.
Implements
Inherited Members
Namespace: Confluent.SchemaRegistry.Encryption.Vendored.Miscreant
Assembly: Confluent.SchemaRegistry.Encryption.dll
Syntax
public sealed class Aead : IDisposableMethods
CreateAesCmacSiv(byte[])
Initializes a new AEAD instance using the AES-CMAC-SIV algorithm.
Declaration
public static Aead CreateAesCmacSiv(byte[] key)Parameters
| Type | Name | Description |
|---|---|---|
| byte[] | key | The secret key for AES-CMAC-SIV encryption. |
Returns
| Type | Description |
|---|---|
| Aead | An AEAD instance. |
CreateAesPmacSiv(byte[])
Initializes a new AEAD instance using the AES-PMAC-SIV algorithm.
Declaration
public static Aead CreateAesPmacSiv(byte[] key)Parameters
| Type | Name | Description |
|---|---|---|
| byte[] | key | The secret key for AES-PMAC-SIV encryption. |
Returns
| Type | Description |
|---|---|
| Aead | An AEAD instance. |
Dispose()
Disposes this object.
Declaration
public void Dispose()GenerateKey256()
Generates a random 32-byte encryption key.
Declaration
public static byte[] GenerateKey256()Returns
| Type | Description |
|---|---|
| byte[] | Generated key. |
GenerateKey512()
Generates a random 64-byte encryption key.
Declaration
public static byte[] GenerateKey512()Returns
| Type | Description |
|---|---|
| byte[] | Generated key. |
GenerateNonce(int)
Generates a random nonce.
Declaration
public static byte[] GenerateNonce(int size)Parameters
| Type | Name | Description |
|---|---|---|
| int | size | Nonce size in bytes. |
Returns
| Type | Description |
|---|---|
| byte[] | Generated nonce. |
Open(byte[], byte[], byte[])
Open decrypts ciphertext, authenticates the decrypted plaintext and the associated data and, if successful, returns the result. In case of failed decryption, this method throws CryptographicException.
Declaration
public byte[] Open(byte[] ciphertext, byte[] nonce = null, byte[] data = null)Parameters
| Type | Name | Description |
|---|---|---|
| byte[] | ciphertext | The ciphertext to decrypt. |
| byte[] | nonce | The nonce for encryption. |
| byte[] | data | Associated data to authenticate. |
Returns
| Type | Description |
|---|---|
| byte[] | The decrypted plaintext. |
Exceptions
| Type | Condition |
|---|---|
| CryptographicException | Thrown when the ciphertext is invalid. |
Seal(byte[], byte[], byte[])
Seal encrypts and authenticates plaintext, authenticates the associated data, and returns the result.
Declaration
public byte[] Seal(byte[] plaintext, byte[] nonce = null, byte[] data = null)Parameters
| Type | Name | Description |
|---|---|---|
| byte[] | plaintext | The plaintext to encrypt. |
| byte[] | nonce | The nonce for encryption. |
| byte[] | data | Associated data to authenticate. |
Returns
| Type | Description |
|---|---|
| byte[] | Concatenation of the authentication tag and the encrypted data. |