AesBridge is a modern, secure, and cross-language AES encryption library. It offers a unified interface for encrypting and decrypting data across multiple programming languages. Supports GCM, CBC, and legacy AES Everywhere modes.
This is the C++ implementation of the core project.
👉 Main repository: https://github.com/mervick/aes-bridge
- 🔐 AES-256 encryption in GCM (recommended) and CBC modes.
- 🌍 Unified cross-language design.
- 📦 Compact binary format or base64 output.
- ✅ HMAC Integrity: CBC mode includes HMAC verification.
- 🔄 Backward Compatible: Supports legacy AES Everywhere format.
To integrate AesBridge into your C++ project using CMake, follow these steps.
Include AesBridge source code into your project
cd path/to/your-project/
git submodule add https://github.com/mervick/aes-bridge-cpp.git libs/aesbridge
git submodule update --init --recursiveIn your main CMakeLists.txt, add AesBridge subdirectory and configure the necessary include and link settings
# CMakeLists.txt
# Add the AesBridge library as a subdirectory
add_subdirectory(libs/aesbridge)
# Link your project to the AesBridge library
target_include_directories(your_project_name PRIVATE
${CMAKE_CURRENT_SOURCE_DIR}/libs
)
# Link your target with the AesBridge library
target_link_libraries(your_project_name PRIVATE AesBridge)
#include <string>
#include <vector>
#include <iostream>
#include "aesbridge/aesbridge.hpp"
int main() {
std::string message = "My secret message";
std::string passphrase = "MyStrongPass";
// Encrypt and decrypt using GCM mode (recommended)
std::string gcm_ciphertext = encrypt_gcm(message, passphrase);
std::string gcm_decrypted = decrypt_gcm(gcm_ciphertext, passphrase);
std::cout << "Decrypted: " << gcm_decrypted << std::endl;
// Example with CBC mode
std::string cbc_ciphertext = encrypt_cbc(message, passphrase);
std::string cbc_decrypted = decrypt_cbc(cbc_ciphertext, passphrase);
std::cout << "Decrypted: " << cbc_decrypted << std::endl;
return 0;
}AesBridge functions support both std::string and std::vector<unsigned char> for input and output. The input and output types must match — if you pass in a string, you'll receive a string in return; if you pass in a byte vector, you'll get a byte vector back.
Encrypts data using AES-256-GCM mode and returns the encrypted data as a base64 encoded string.
- Parameters:
data:std::stringorstd::vector<unsigned char>– Data to encrypt.passphrase:std::stringorstd::vector<unsigned char>– Encryption passphrase.
- Returns:
std::stringorstd::vector<unsigned char>- Base64 encoded encrypted data in the same data type as input
Decrypts base64 encoded data encrypted with encrypt_gcm().
- Parameters:
data:std::stringorstd::vector<unsigned char>– Base64 encoded encrypted data.passphrase:std::stringorstd::vector<unsigned char>– Passphrase used for encryption.
- Returns:
std::stringorstd::vector<unsigned char>- Plaintext in the same data type as input
Encrypts data using AES-256-GCM and returns raw binary output in the format:
salt (16 bytes) + nonce (12 bytes) + ciphertext + tag (16 bytes)
- Parameters:
data:std::stringorstd::vector<unsigned char>– Data to encrypt.passphrase:std::stringorstd::vector<unsigned char>– Encryption passphrase.
- Returns:
std::stringorstd::vector<unsigned char>- Encrypted data in the same data type as input
Decrypts binary data from encrypt_gcm_bin() using the given passphrase.
- Parameters:
data:std::stringorstd::vector<unsigned char>– Encrypted data.passphrase:std::stringorstd::vector<unsigned char>– Passphrase used for encryption.
- Returns:
std::stringorstd::vector<unsigned char>- Plaintext in the same data type as input
Encrypts data using AES-256-CBC with PKCS7 padding and HMAC-SHA256 authentication. Returns the encrypted data as a base64 encoded string.
- Parameters:
data:std::stringorstd::vector<unsigned char>– Data to encrypt.passphrase:std::stringorstd::vector<unsigned char>– Encryption passphrase.
- Returns:
std::stringorstd::vector<unsigned char>- Base64 encoded encrypted data in the same data type as input
Decrypts and verifies data previously encrypted with encrypt_cbc().
- Parameters:
data:std::stringorstd::vector<unsigned char>– Base64 encoded encrypted data.passphrase:std::stringorstd::vector<unsigned char>– Passphrase used for encryption.
- Returns:
std::stringorstd::vector<unsigned char>- Plaintext in the same data type as input
Encrypts data using AES-256-CBC; returns raw binary of format:
salt (16 bytes) + IV (16 bytes) + ciphertext + HMAC (32 bytes)
- Parameters:
data:std::stringorstd::vector<unsigned char>– Data to encrypt.passphrase:std::stringorstd::vector<unsigned char>– Encryption passphrase.
- Returns:
std::stringorstd::vector<unsigned char>- Encrypted data in the same data type as input
Decrypts and authenticates binary output from encrypt_cbc_bin().
- Parameters:
data:std::stringorstd::vector<unsigned char>– Encrypted data.passphrase:std::stringorstd::vector<unsigned char>– Passphrase used for encryption.
- Returns:
std::stringorstd::vector<unsigned char>- Plaintext in the same data type as input
⚠️ These functions are maintained solely for backward compatibility with older systems. While they remain fully compatible with the legacy AES Everywhere implementation, their use is strongly discouraged in new applications due to potential security limitations compared to GCM or CBC with HMAC.
Encrypts plaintext using AES-256-CBC in OpenSSL-compatible "Salted__" format.
Returns Base64 (std::string) or binary (std::vector<unsigned char>) depending on input type.
- Parameters:
data:std::stringorstd::vector<unsigned char>– Data to encrypt.passphrase:std::stringorstd::vector<unsigned char>– Encryption passphrase.
- Returns:
std::stringorstd::vector<unsigned char>- Base64 encoded encrypted data in the same data type as input
Decrypts data from encrypt_legacy(), expecting OpenSSL "Salted__" format.
- Parameters:
data:std::stringorstd::vector<unsigned char>– Base64 encoded encrypted data.passphrase:std::stringorstd::vector<unsigned char>– Passphrase used for encryption.
- Returns:
std::stringorstd::vector<unsigned char>- Plaintext in the same data type as input