Process an authenticated encryption operation. Opcode: 17 (0x0011)


key_nameStringName of the key to use for the operation
algAeadThe AEAD algorithm to compute
nonceVector of unsigned bytesNonce or IV to use
additional_dataVector of unsigned bytesAdditional data that will be authenticated but not encrypted
plaintextVector of unsigned bytesData that will be authenticated and encrypted
  • key_name must allow the usage flag encrypt.
  • nonce must be appropriate for the selected algorithm.


ciphertextVector of unsigned bytesBuffer containing the authenticated and encrypted data
  • The additional data is not part of ciphertext. For algorithms where the encrypted data and the authentication tag are defined as separate outputs, the authentication tag is appended to the encrypted data.

Specific response status codes

  • PsaErrorNotPermitted: The key does not have the encrypt flag, or it does not permit the requested algorithm.
  • PsaErrorInvalidArgument: The key is not compatible with alg.
  • PsaErrorNotSupported: alg is not supported.


Authenticates and encrypts the given data using the given AEAD algorithm.



Copyright 2020 Contributors to the Parsec project.