Scanning your connection...
Default PrivacyDefault Privacy
Back to Glossary
Encryption

What is AES-GCM?

A mode of AES encryption that provides both confidentiality and authentication in a single operation, widely used in TLS and disk encryption.

AES-GCM (Galois/Counter Mode) is an authenticated encryption mode that combines AES-CTR encryption with GMAC authentication.

Why Authenticated Encryption Matters

  • Encryption alone doesn't prevent tampering
  • An attacker could modify encrypted data without detection
  • GCM detects any modification, ensuring both confidentiality and integrity

Where It's Used

  • TLS 1.2 and 1.3
  • IPsec VPNs
  • Full-disk encryption (LUKS, BitLocker)
  • Cloud storage encryption
  • SSH

Performance

  • Very fast on processors with AES-NI hardware instructions
  • Parallelizable — can encrypt multiple blocks simultaneously
  • The authentication tag is generated alongside encryption at minimal extra cost

Caution

Never reuse a nonce (initialization vector) with the same key in GCM mode. Nonce reuse completely breaks the authentication and can reveal plaintext.

Related Terms

AES

Advanced Encryption Standard is a symmetric encryption algorithm adopted by the U.S. government and used worldwide. It's the gold standard for encrypting sensitive data, used in everything from HTTPS to disk encryption.

Encryption at Rest

Encryption applied to data stored on disks, databases, or other storage media. When data is 'at rest' (not actively being transmitted), encryption protects it from unauthorized access if storage devices are stolen or compromised.

Symmetric Encryption

An encryption method where the same secret key is used for both encrypting and decrypting data. While fast and efficient, the challenge lies in securely sharing the key between parties.

TLS

Transport Layer Security is a cryptographic protocol designed to provide secure communication over a computer network. TLS encrypts the connection between your browser and web servers, ensuring privacy and data integrity. It's the technology behind HTTPS.

Have more questions?

Use our guided flow to get the right next privacy step for AES-GCM.

Open Guided Flow