Encrypted Content-Encoding for HTTP

An implementation of the aes128gcm encoding specified in RFC8188 (editor’s draft).

Note: keys are arrays of bytes, but are displayed on this page and expected in query string parameters as base64url-encodings of those bytes.

Response

Return an HTTP response with a given Content-Encoding.

• Example 1 — the 1st example from the specification, encrypted using the key yqdlZ-tYemfogSmv7Ws5PQ.
• Example 2 Multiple Records — the 2nd example from the specification, encrypted using the key BO3ZVPxUlnLORbVGMpbT1Q.

Customized

Content	walrus Xanadu photo	3 pieces of content are offered: a 15 byte phrase (walrus); an 11 line poem (Xanadu); and a 644KB photo of an Enigma machine
Encoding	aes128gcm identity togglecase
Key-id
Key		base64url-encoded (without terminating '='s)
Record size		Overhead is 17 bytes/record for aes128gcm
Padding	none flush fill	To optimize for size, latency, or resistance to traffic analysis
In buffer		initial amount of content used at each step; set a value smaller than the record size to see the effects of flush padding
Out buffer		initial room for ciphertext used at each step; set a value, say, 3 times the record size to see the effects of fill padding

Request

Accept an HTTP request with a given Content-Encoding.

POST a request with a supported content-encoding to aes128gcm?key-id=b64-key, providing the decryption key (key-id and base64url-encoded key value) in the querystring.

that doesn't use any encryption