AES is the generic cipher context for the AES cipher, supporting key sizes of 128, 196 and 256 bits (16, 24 and 32 bytes). The blockSize is always 128 bits (16 bytes).

aeadInit only supports the AEAD_GCM mode for now.

AES128 provides the same interface as AES, but is restricted to 128-bit keys.

AES192 provides the same interface as AES, but is restricted to 192-bit keys.

AES256 provides the same interface as AES, but is restricted to 256-bit keys.

ARCTWO (also known as the trade marked name RC2) is a block cipher specified in RFC 2268.

The default cipherInit uses ekb = bit-length of the key; arctwoInitEKB allows to specify ekb manually. arctwoInitGutmann uses ekb = 1024 (the maximum).

ARCTWO uses keysizes from 1 to 128 bytes, and uses a blockSize of 64 bits (8 bytes).

Initialize cipher with an explicit ekb value (valid values from 1 to 1024, 0 meaning the same as 1024).

Initialize cipher with ekb = 1024.

BLOWFISH is a block cipher designed by Bruce Schneier. It uses a blockSize of 64 bits (8 bytes), and a variable key size from 64 to 448 bits (8 to 56 bytes).

Camellia is a block cipher developed by Mitsubishi and Nippon Telegraph and Telephone Corporation, described in RFC3713, and recommended by some Japanese and European authorities as an alternative to AES. The algorithm is patented (details see http://www.lysator.liu.se/~nisse/nettle/nettle.html).

Camellia uses a the same blockSize and key sizes as AES.

aeadInit only supports the AEAD_GCM mode for now.

Camellia128 provides the same interface as Camellia, but is restricted to 128-bit keys.

Camellia192 provides the same interface as Camellia, but is restricted to 192-bit keys.

Camellia256 provides the same interface as Camellia, but is restricted to 256-bit keys.

CAST128 is a block cipher specified in RFC 2144. It uses a 64 bit (8 bytes) blockSize, and a variable key size of 40 up to 128 bits (5 to 16 bytes).

DES is the old Data Encryption Standard, specified by NIST. It uses a blockSize of 64 bits (8 bytes), and a key size of 56 bits.

The key is given as 8 bytes, as one bit per byte is used as a parity bit. The parity bit is ignored by this implementation.

DES_EDE3 uses 3 DES keys k1 || k2 || k3. Encryption first encrypts with k1, then decrypts with k2, then encrypts with k3.

The blockSize is the same as for DES: 64 bits (8 bytes), and the keys are simply concatenated, forming a 24 byte key string (with 168 bits actually getting used).

TWOFISH is another AES finalist, designed by Bruce Schneier and others.

TWOFISH uses a the same blockSize and key sizes as AES.

aeadInit only supports the AEAD_GCM mode for now.

SERPENT is one of the AES finalists, designed by Ross Anderson, Eli Biham and Lars Knudsen.

The blockSize is 128 bits (16 bytes), and the valid key sizes are from 128 bits to 256 bits (16 to 32 bytes), although smaller bits are just padded with zeroes.

aeadInit only supports the AEAD_GCM mode for now.

StreamNonceCipher are special stream ciphers that can encrypt many messages with the same key; setting a nonce restarts the cipher.

A good value for the nonce is a message/packet counter. Usually a nonce should not be reused with the same key.

Sets a Word64 as 8-byte nonce (bigendian encoded)

ARCFOUR is a stream cipher, also known under the trade marked name RC4.

Valid key sizes are from 1 to 256 bytes.

SALSA20 is a fairly recent stream cipher designed by D. J. Bernstein.

Valid key sizes are 128 and 256 bits (16 and 32 bytes).

Salsa20 uses a blocksize of 64 bytes internally; if crpyted input isn't aligned to 64 bytes it will pad it with 0 and store the encrypted padding to xor with future input data.

Each message also requires a 8-byte (Word64) nonce (which is initialized to 0; you can use a message sequence number). Don't reuse a nonce with the same key.

Setting a nonce also resets the remaining padding data.

ESTREAM_SALSA20 is the same as SALSA20, but uses only 12 instead of 20 rounds in mixing.