AES-GCM Encrypt

Encrypt data using AES-256-GCM (Galois/Counter Mode) authenticated encryption. Produces ciphertext with an appended authentication tag that guarantees integrity and authenticity.

Only AES-256 is supported. The key must be exactly 32 bytes.

Input

Raw bytes in the following layout:

Offset

Field

Type

Description

[0:32]

key

32 bytes

AES-256 key

[32:44]

nonce

12 bytes

Initialization vector

[44:]

plaintext

bytes

Data to encrypt

Output

Bytes

Type

Description

ciphertext + auth tag

bytes

Encrypted data concatenated with authentication tag

Use cases

Encrypting sensitive event parameters before emission
Building encrypted storage helpers
Encrypting messages or data for specific recipients

Examples

Built-in helper

function aes_gcm_encrypt(sbytes32 key, uint96 nonce, bytes memory plaintext) view returns (bytes memory);

bytes memory ciphertext = aes_gcm_encrypt(aesKey, nonce, plaintext);

Manual usage

function aesEncrypt(
    suint256 key,
    uint96 nonce,
    bytes memory plaintext
) internal view returns (bytes memory) {
    bytes memory input = abi.encodePacked(uint256(key), nonce, plaintext);
    (bool success, bytes memory result) = address(0x66).staticcall(input);
    require(success, "AES-GCM Encrypt precompile failed");
    return result;
}

See CryptoUtils.sol for the production implementation.

PreviousECDH NextAES-GCM Decrypt

Last updated 3 hours ago

hashtagInput

hashtagOutput

hashtagUse cases

hashtagExamples

hashtagBuilt-in helper

hashtagManual usage