AES-GCM and AEAD Protected Data Packet (IETF draft)

Tankred Hase
Wed Mar 23 03:20:24 CET 2016


I’ve implemented initial support for AES-GCM in OpenPGP.js using the IETF draft for authenticated encryption:

I’ve created a pull request on GitHub for the implementation. The specification leaves quite a bit of wiggle room and I’ve listed my thoughts here:

I’ve already contacted the specification author to give feedback, but being the most widely adopted OpenPGP implementation out there, I also wanted to get the GnuPG community's thoughts. Making GCM the new standard mode for symmetric encryption would give us a modern and performant alternative to OpenPGP's CFB mode. Especially with regard to the WebCrypto API, where GCM is natively supported, but not CFB (currently marked as a 'WontFix' in the Chromium bug tracker):

Together with ECC asymmetric encryption, GCM should give OpenPGP a modern cipher suite supported natively in browsers. This will hopefully also allow the community to deprecate some older crypto down the road. Looking forward to your feedback.


P.S. Just for reference, here are the GitHub issues tracking ECC in OpenPGP.js. We have not started implementing them, but the plan is to move ahead after GCM is merged:

More information about the Gnupg-users mailing list