Walker.Crypto.SimpleAESEncryption
Provides simple, synchronous AES-GCM encryption and decryption with a key derived from a password using Argon2id (memory-hard, side-channel resistant). Includes secure random salt/IV generation and proper authenticated encryption.
Types
AESEncryptedText
Holds AES-GCM encrypted data with associated salt and IV.
Format when serialized: Salt|IV|Ciphertext+Tag (all Base64)
- Fields:
  - string Salt – Base64-encoded 16-byte random salt (for Argon2id key derivation)
  - string IV – Base64-encoded 12-byte GCM nonce
  - string EncryptedText – Base64-encoded ciphertext + 16-byte authentication tag
- Methods:
  - string ToString() – Returns Salt|IV|EncryptedText
  - static AESEncryptedText FromString(string input) – Parses the above format. Throws FormatException if invalid.
Methods
Encrypt(string plainText, SecureData password)
Encrypts UTF-8 text using AES-256-GCM.
- Generates random 16-byte salt and 12-byte IV
- Derives 256-bit key via Argon2id (19 MiB memory, 10 iterations, 2 threads)
- Returns AESEncryptedText containing salt, IV, and authenticated ciphertext
Decrypt(AESEncryptedText encrypted, SecureData password)
Decrypts and verifies an AESEncryptedText value.
- Re-derives key using stored salt + password
- Verifies GCM authentication tag (fails fast on tampering)
- Returns SecureData (zeroable secure string)
Decrypt(string encryptedText, string ivBase64, string saltBase64, SecureData password)
Low-level helper for manual decryption using raw Base64 components.
GenerateRandomBytes(int size)
Secure random byte generation using RandomNumberGenerator.
DeriveKey(SecureData password, byte[] salt, int keyBytes = 32)
Internal method: derives key using Argon2id with OWASP 2025+ recommended parameters.
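The serialized Salt|IV|Ciphertext+Tag format and the tag check that Decrypt performs, as an added example that is not Walker.Crypto's own code: a strict parser that enforces the documented field sizes, followed by an AES-GCM open that rejects a modified blob. It assumes .NET 8 or later, that the tag is the trailing 16 bytes of the third field, and a random 32-byte key standing in for the Argon2id output; GcmBlobDemo, Parse, Open and Join are hypothetical names.

```csharp
// Added example, not Walker.Crypto source. Assumes .NET 8+, tag = trailing 16 bytes of field 3.
using System;
using System.Security.Cryptography;
using System.Text;

static class GcmBlobDemo   // hypothetical name
{
    const int SaltLen = 16, IvLen = 12, TagLen = 16;

    // Strictly parse "Salt|IV|Ciphertext+Tag" and enforce the documented sizes.
    public static (byte[] Salt, byte[] Iv, byte[] Cipher, byte[] Tag) Parse(string input)
    {
        string[] parts = input.Split('|');
        if (parts.Length != 3) throw new FormatException("expected Salt|IV|Ciphertext+Tag");
        byte[] salt = Convert.FromBase64String(parts[0]); // FormatException on bad Base64
        byte[] iv = Convert.FromBase64String(parts[1]);
        byte[] body = Convert.FromBase64String(parts[2]);
        if (salt.Length != SaltLen || iv.Length != IvLen || body.Length < TagLen)
            throw new FormatException("unexpected field length");
        return (salt, iv, body[..^TagLen], body[^TagLen..]);
    }

    // Decrypt with an already-derived 32-byte key; AesGcm throws if the tag does not verify.
    public static byte[] Open(string blob, byte[] key)
    {
        var (_, iv, cipher, tag) = Parse(blob);
        byte[] plain = new byte[cipher.Length];
        using var gcm = new AesGcm(key, TagLen);
        gcm.Decrypt(iv, cipher, tag, plain);
        return plain;
    }

    static string Join(byte[] salt, byte[] iv, byte[] body) =>
        string.Join("|", Convert.ToBase64String(salt), Convert.ToBase64String(iv), Convert.ToBase64String(body));

    static void Main()
    {
        // Constructed sample: a random key stands in for the Argon2id output.
        byte[] key = RandomNumberGenerator.GetBytes(32);
        byte[] salt = RandomNumberGenerator.GetBytes(SaltLen), iv = RandomNumberGenerator.GetBytes(IvLen);
        byte[] msg = Encoding.UTF8.GetBytes("constructed sample"), body = new byte[msg.Length + TagLen];
        using (var gcm = new AesGcm(key, TagLen))
            gcm.Encrypt(iv, msg, body.AsSpan(0, msg.Length), body.AsSpan(msg.Length));
        Console.WriteLine(Encoding.UTF8.GetString(Open(Join(salt, iv, body), key)));

        body[0] ^= 1; // simulate storage corruption of one ciphertext bit
        try { Open(Join(salt, iv, body), key); }
        catch (CryptographicException) { Console.WriteLine("rejected: tag mismatch"); }
    }
}
```

The length checks run before any key derivation, so a malformed blob is rejected without spending the Argon2id cost.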