Encryption (AES / HMAC)

The framework provides AES-256-GCM encryption and HMAC-SHA256 signing through the cipher module.


AES-GCM Encryption

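AES-GCM provides authenticated encryption (confidentiality + integrity). Each encryption requires a 32-byte key and a 12-byte IV (nonce). The IV must be unique for every message encrypted under the same key: reusing a key/IV pair in GCM breaks both confidentiality and integrity. The IV is not secret, but the decrypting side needs the same IV that was used to encrypt. The output format is ciphertext || tag (the 16-byte GCM authentication tag is appended to the ciphertext). aes::decrypt() extracts the tag automatically.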

```cpp
#include <string>

#include <framework/support/cipher.hpp>

using namespace framework;
using namespace framework::support::cipher;

// Generate a random key and IV
std::string key = aes::generate_key();   // 32 bytes (AES-256)
std::string iv = aes::generate_iv();     // 12 bytes (GCM nonce); generate a fresh one per message

// Encrypt: the result is ciphertext || 16-byte tag
std::string encrypted = aes::encrypt(key, iv, "Hello, world!");

// Decrypt with the same key and IV
std::string decrypted = aes::decrypt(key, iv, encrypted);

// With output buffers (reuse allocations)
std::string out;
aes::encrypt(key, iv, "data", out);
aes::decrypt(key, iv, out, decrypted);
```

Constants

```cpp
constexpr int aes::KEY_SIZE = 32;   // AES-256 key length
constexpr int aes::IV_SIZE = 12;    // 96-bit nonce for GCM
constexpr int aes::TAG_SIZE = 16;   // GCM authentication tag
```

HMAC-SHA256 Signing

HMAC provides message integrity verification using a shared secret.

```cpp
// secret_key is the shared secret, defined elsewhere

// Compute HMAC (returns hex-encoded string)
std::string signature = hmac::compute(secret_key, "message");

// With output buffer
std::string out;
hmac::compute(secret_key, "message", out);
```
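To verify a message, the receiver recomputes the HMAC and compares it with the signature it was sent. The following is an added example, not part of the framework: `is_hmac_hex` and `signatures_equal` are hypothetical helpers that compare two hex signatures without an early exit, assuming the hex output of hmac::compute is 64 characters (HMAC-SHA256 is 32 bytes).

```cpp
#include <cctype>
#include <cstddef>
#include <iostream>
#include <string>
#include <string_view>

// HMAC-SHA256 is 32 bytes, so its hex encoding is 64 characters.
constexpr std::size_t HMAC_HEX_LEN = 64;

// Hypothetical helper: true if s is exactly 64 hexadecimal characters.
bool is_hmac_hex(std::string_view s) {
    if (s.size() != HMAC_HEX_LEN) return false;
    for (unsigned char c : s)
        if (!std::isxdigit(c)) return false;
    return true;
}

// Hypothetical helper: compares two hex signatures in a loop that always
// visits every character, so the running time does not depend on the
// position of the first mismatch (unlike std::string::operator==).
bool signatures_equal(std::string_view expected, std::string_view received) {
    // Length and character set are public, so rejecting on them is safe.
    if (!is_hmac_hex(expected) || !is_hmac_hex(received)) return false;
    unsigned diff = 0;
    for (std::size_t i = 0; i < HMAC_HEX_LEN; ++i) {
        // OR with 0x20 lowercases A-F and leaves 0-9 and a-f unchanged,
        // giving a branch-free, case-insensitive comparison of hex digits.
        unsigned a = static_cast<unsigned char>(expected[i]) | 0x20u;
        unsigned b = static_cast<unsigned char>(received[i]) | 0x20u;
        diff |= a ^ b;
    }
    return diff == 0;
}

int main() {
    // Constructed sample values, not real signatures. With the framework,
    // `expected` would be the result of hmac::compute(secret_key, message).
    const std::string expected(HMAC_HEX_LEN, 'a');
    std::string tampered = expected;
    tampered.back() = 'b';
    std::cout << signatures_equal(expected, expected) << ' '
              << signatures_equal(expected, tampered) << '\n';
    return 0;
}
```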

Key Generation

Use the keys_generator CLI tool to generate cryptographic keys:

```bash
./keys_generator
```

This outputs a base64-encoded signature key and encryption key for use in JWT configuration.