GCM and GMAC

This is an implementation of the GCM encryption mode for use with the AES block cipher. GCM is a general-purpose authenticated encryption mode: it uses a block cipher to provide both data confidentiality and data integrity in a single, easy-to-use construct, and it can additionally authenticate associated data (such as a packet header) that is transmitted in the clear. It provides these services in a way that is provably secure to very high levels of assurance under the standard assumption that the underlying block cipher behaves as a pseudo-random permutation (this assumption is widely believed to be true, but will probably never be proven). The proof, and the security, hold only as long as no nonce (IV) is ever used twice under the same key; a repeated nonce exposes the XOR of the two plaintexts and undermines the authentication key.

GCM is a building block upon which one can easily build secure channels. One need only add entity authentication, key agreement, and protection against capture-and-replay of messages (for example, a sequence number that is bound into the nonce, authenticated as associated data, and checked by the receiver).
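The layering just described, as an added worked example that is not part of this page and not this library's own code: it is written in Go against the standard library's AES-GCM (crypto/cipher), which implements the same mode. The Sender/Receiver record layer, the salt || sequence-number nonce layout, the use of the sequence number as associated data, and the strictly increasing acceptance window are illustrative assumptions chosen for this example, not something the page or any standard mandates. Key agreement and peer authentication are assumed to have happened out of band and are not shown; the sample key and salt are constructed values. The known-answer check uses Test Case 2 from the GCM specification (all-zero key and IV, one all-zero plaintext block).

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// Record is one protected message: the sequence number travels in the clear,
// is folded into the nonce, and is authenticated as associated data.
type Record struct {
	Seq  uint64
	Body []byte // ciphertext || 16-byte GCM tag, as cipher.AEAD.Seal lays it out
}

// Sender and Receiver form a hypothetical minimal record layer (an assumption of
// this example). The shared key is assumed to come from a separate key agreement.
type Sender struct {
	aead cipher.AEAD
	salt [4]byte
	next uint64
}

type Receiver struct {
	aead cipher.AEAD
	salt [4]byte
	next uint64 // lowest sequence number still acceptable
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// nonce is salt || seq (96 bits). The sequence number never repeats under one
// key, so the nonce never repeats, which is GCM's one hard requirement.
func nonce(salt [4]byte, seq uint64) []byte {
	n := make([]byte, 12)
	copy(n, salt[:])
	binary.BigEndian.PutUint64(n[4:], seq)
	return n
}

// aad authenticates the cleartext sequence number alongside the payload.
func aad(seq uint64) []byte {
	a := make([]byte, 8)
	binary.BigEndian.PutUint64(a, seq)
	return a
}

func (s *Sender) Seal(plaintext []byte) (Record, error) {
	if s.next == ^uint64(0) {
		return Record{}, errors.New("sequence space exhausted: rekey before sending more")
	}
	seq := s.next
	s.next++
	return Record{Seq: seq, Body: s.aead.Seal(nil, nonce(s.salt, seq), plaintext, aad(seq))}, nil
}

// Open drops replays (seq below the window) before spending a decryption and
// advances the window only after the tag verifies, so a forgery cannot move it.
func (r *Receiver) Open(rec Record) ([]byte, error) {
	if rec.Seq < r.next {
		return nil, errors.New("replay or reorder: sequence number already consumed")
	}
	pt, err := r.aead.Open(nil, nonce(r.salt, rec.Seq), rec.Body, aad(rec.Seq))
	if err != nil {
		return nil, errors.New("authentication failed: record dropped")
	}
	r.next = rec.Seq + 1
	return pt, nil
}

// KnownAnswerOK checks Test Case 2 of the GCM specification against Go's GCM.
func KnownAnswerOK() bool {
	g, err := newGCM(make([]byte, 16))
	if err != nil {
		return false
	}
	got := g.Seal(nil, make([]byte, 12), make([]byte, 16), nil)
	want, _ := hex.DecodeString("0388dace60b6a392f328c2b971b2fe78" + // ciphertext
		"ab6e47d42cec13bdf53a67b21257bddf") // tag
	return bytes.Equal(got, want)
}

// Demo drives one channel and reports whether a good record decrypts, a
// bit-flipped record is rejected, and a replayed record is rejected.
func Demo() (roundtrip, tamperRejected, replayRejected bool) {
	key := bytes.Repeat([]byte{0x42}, 16) // constructed sample key, not a real secret
	salt := [4]byte{0xde, 0xad, 0xbe, 0xef} // constructed per-connection salt
	sg, _ := newGCM(key)
	rg, _ := newGCM(key)
	s := &Sender{aead: sg, salt: salt}
	r := &Receiver{aead: rg, salt: salt}

	rec, _ := s.Seal([]byte("hello over the link"))
	pt, err := r.Open(rec)
	roundtrip = err == nil && string(pt) == "hello over the link"

	bad := Record{Seq: rec.Seq + 1, Body: append([]byte(nil), rec.Body...)}
	bad.Body[0] ^= 0x01 // flip one ciphertext bit: the tag no longer verifies
	_, err = r.Open(bad)
	tamperRejected = err != nil

	_, err = r.Open(rec) // the same record again: valid tag, consumed sequence number
	replayRejected = err != nil
	return
}

func main() {
	fmt.Println("GCM known-answer test passed:", KnownAnswerOK())
	fmt.Println(Demo())
}
```

Run it with `go run`. Two points in the design are worth noting. The tampered record is given a fresh sequence number so that it reaches the tag check rather than being dropped as a replay; the replayed record, by contrast, carries a valid tag and is stopped purely by the window. And the sender refuses to wrap its counter: once the sequence space is exhausted the nonce would repeat, so the only safe action is to rekey.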

GCM and GMAC are currently in a draft for the IEEE 802.1 LinkSec (link-level security) standard.

We expect to release an optimized version of the library by the end of February. In our initial testing, that optimized version performs as well as OCB mode.

Brian Gladman has also produced an optimized version of GCM that is available in his modes library. His timing results against other freely available authenticated encryption modes can be found there as well.


Our GCM implementation is in the public domain.