Javatpoint Logo
Javatpoint Logo

AES GCM Encryption Java

Two advantages of the widely used symmetric key encryption technique called AES-GCM (Advanced Encryption Standard-Galois/Counter Mode) are data integrity and privacy. We will look at using AES-GCM encryption in Java in this section.

AES-GCM is a data block-based encryption method that belongs to the AES family. It employs a block size of 128 bits and supports key sizes of 128, 192, and 256 bits. The Galois/Counter Mode provides authentication and guarantees data integrity and confidentiality through the use of a method known as a Galois field multiplication.

Implementation in Java

The javax.crypto package, which provides methods for encryption and decryption, is essential for implementing AES-GCM encryption in Java. The Java code that is provided provides a useful illustration of AES-GCM encryption and decryption.

First, an AES-GCM cipher instance is created, a random 96-bit Initialization Vector (IV) is initialized, and a random 256-bit AES key is generated. Guaranteeing the singularity of every encryption process reduces the risks related to IV reuse. After setting the GCM parameters, including the IV, the encryption and decryption procedures are shown with an example of plaintext.


Plaintext: Hello, AES-GCM!
Ciphertext: $}�k�k��*��?C�{?��1pG\��腃�
Decrypted Text: Hello, AES-GCM!


To ensure the uniqueness of each encryption operation, a random 96-bit Initialization Vector (IV) is generated using the SecureRandom class g the KeyGenerator class. The Cipher class is then used to create an AES-GCM cipher instance with the specified transformation "AES/GCM/NoPadding," indicating the use of AES in Galois/Counter Mode without padding. A random 96-bit Initialization Vector (IV) is generated using the SecureRandom class to ensure the uniqueness of each encryption operation. The GCM parameters, including the IV, are set using the GCMParameterSpec. The cipher is initialized for encryption with the secret key and the GCM parameters.

The code encrypts a sample plaintext, "Hello, AES-GCM!" using the doFinal() method, and the resulting ciphertext is printed. For decryption, the cipher is re-initialized in the DECRYPT_MODE with the same secret key and GCM parameters. The ciphertext is then decrypted, and the original plaintext is printed.

Nonce and Initialization Vector (IV)

AES-GCM requires a unique IV for each encryption operation. It's essential not to reuse IVs with the same key to prevent vulnerabilities. In the provided example, a 96-bit IV is generated randomly. Ensure that the IV is communicated or stored alongside the ciphertext for decryption.

Authentication Tag

AES-GCM produces an authentication tag along with the ciphertext during encryption. This tag is used to verify the integrity of the data during decryption. It is crucial to include and verify this tag to ensure the data has not been tampered with.

Performance Considerations

AES-GCM is generally considered to be a performant encryption algorithm. However, for large datasets, consider using streaming APIs or dividing the data into smaller chunks to avoid memory issues.

By paying attention to these additional considerations, you can enhance the security and reliability of your Java AES-GCM encryption implementation.


In conclusion, the code supplied illustrates how AES-GCM encryption is implemented in Java and embodies a potent combination of data integrity and confidentiality. Using the AES family of encryption algorithms' Galois/Counter Mode, the code v the value of exception handling for thorough error reporting. A complete strategy for safe and effective AES-GCM encryption in Java also takes speed optimization into account, especially when managing big datasets via streaming APIs or data chunking.

Youtube For Videos Join Our Youtube Channel: Join Now


Help Others, Please Share

facebook twitter pinterest

Learn Latest Tutorials


Trending Technologies

B.Tech / MCA