Encrypted Content-Encoding for HTTP

An implementation of the aes128gcm encoding specified in RFC8188 (editor’s draft).

Note: keys are arrays of bytes, but are displayed on this page and expected in query string parameters as base64url-encodings of those bytes.


Return an HTTP response with a given Content-Encoding.


Content 3 pieces of content are offered: a 15 byte phrase (walrus); an 11 line poem (Xanadu); and a 644KB photo of an Enigma machine
Key base64url-encoded (without terminating '='s)
Record size Overhead is 17 bytes/record for aes128gcm
Padding To optimize for size, latency, or resistance to traffic analysis
In buffer initial amount of content used at each step; set a value smaller than the record size to see the effects of flush padding
Out buffer initial room for ciphertext used at each step; set a value, say, 3 times the record size to see the effects of fill padding


Accept an HTTP request with a given Content-Encoding.

POST a request with a supported content-encoding to aes128gcm?key-id=b64-key, providing the decryption key (key-id and base64url-encoded key value) in the querystring.

that doesn't use any encryption