Module aead 

AES-256-GCM authenticated encryption with associated data.

seal/open are the low-level primitives that take an explicit nonce and AAD. Callers that just want to wrap a key under a KEK without managing nonces should use wrap instead.

Functions

open

AES-256-GCM open. Expects ciphertext || 16-byte auth tag.

seal

AES-256-GCM seal. Produces ciphertext || 16-byte auth tag.