dotnet add package Soenneker.Encryption.AesGcm
using Soenneker.Encryption.AesGcm;
string encrypted = AesGcmUtil.Encrypt("super-secret-webhook-token", "configured-key-material");
string decrypted = AesGcmUtil.Decrypt(encrypted, "configured-key-material");The default string payload format is:
v1:<base64 nonce>:<base64 ciphertext>:<base64 tag>
For authenticated context binding, pass associated data during both encryption and decryption:
string encrypted = AesGcmUtil.Encrypt(secret, key, associatedData: "business-1:generic-webhook");
string decrypted = AesGcmUtil.Decrypt(encrypted, key, associatedData: "business-1:generic-webhook");Key material can be a base64 encoded 128-bit, 192-bit, or 256-bit AES key. Other key material is hashed with SHA-256 into a 256-bit AES key.
