gcm

README

GCM

A simple command line utility for encrypting and decrypting files of any size using Galois/Counter Mode (GCM). This is a wrapper around the Golang implementation of GCM.

Usage

The following flags are required for both encryption and decryption

Flag	Description
-K	The hex encoded key
-iv	The hex encoded IV
-in	The input file
-out	The output file

Further, you must specify one of -e for encryption or -d for decryption.

To encrypt a file, run

gcm -e -K fb7615b23d80891dd470980bc79584c8b2fb64ce60978f4d17fce45a49e830b7 -iv dbd1a3636024b7b402da7d6f -in data.txt -out data.txt.enc

Then to decrypt the file, run

gcm -d -K fb7615b23d80891dd470980bc79584c8b2fb64ce60978f4d17fce45a49e830b7 -iv dbd1a3636024b7b402da7d6f -in data.txt.enc -out data.txt

Recommended Values

It is strongly recommended that the given key and IV follow these rules

• keys must be 32 bytes in length
• IVs should be 12 bytes in length
• keys and IVs never be reused in combination

How it works

File encryption is achieved by splitting files into chunks of a predefined size (1 MB at this time) and performing GCM encryption on each chunk. The output of each operation is appended to a file. This entire output file is the final result of this GCM file encryption utility.

Overhead

Because of the nature of all Authenticated Encryption with Associated Data (AEAD) algorithms, such as GCM, there is a small amount of overhead added to each piece of encrypted data. This additional piece of data, called the TAG, is a fixed size of 16 bytes. In this implementation, the TAG is appended to each encrypted chunk in the output file.

In total, this algorithm produces 16 bytes * ceil(plainTextFileSize bytes / 1048576 bytes) of overhead (1048576 bytes is 1 MB). For a 1 MB file, the total encrypted file size will be 1048576 bytes + 16 bytes = 1048592 bytes.

Tests

This implementation passes all test samples from IEEE and NIST. However, it should be noted that those test samples are designed for small inputs and not for large file encryption.