Decrypting AEAD-GCM : which crypto packages should I use?

Hi everyone!
I have an AEAD-GCM encrypted token with the cipher text, init vector, and the tag. I also have a key which is base64 encoded.

I’ve tried using ExCrypto, Crypto, and tried to use Hairnet, and I wasn’t able to find resources to do it right.

I’m not sure which packages would work with AES-GCM 256 bit encryption and decryption.

I’ve checked out the earlier post on this forum which was about encryption. That uses functions from the crypto which have been deprecated since OTP 24.

Thank you!

The last entry in the linked post seems to describe how to do the same with the newer crypto functions. Unknown cipher when encrypting data - #18 by CafeRacer

In your case it seems like you have all data needed to use :crypto.crypto_one_time_aead

In general most crypto primitives can be found in the :crypto module. It is shipped with OTP and are a collection of functions that uses openssl underneath through a NIF. Most other crypto packages are wrappers around crypto or before erlang 22.0 to provide functionality crypto did not yet support.

2 Likes

You’re right. That does have the newer crypto functions.

I do have all the data. I went step by step to figure out why it’s failing for me, and it looks like this time it’s the data I have.

It’s that I have Base64 encoded strings separated by a :, and when I decode the string and pass it to the function, I get an error value returned.

I tried decrypting the data encrypted in the same call. When I passed the variables as is, it decrypted and gave me the result. When I base64 encoded just the cipher tag and decoded it again just before passing it to the decrypt function, it returns error.

Have you verified the base64 padding option? I’ve had similar problems before where the encoded value was padded, but the decryptor expected unpadded (or vice versa).