OPENSSL_ENCRYPT

Encrypts text using OpenSSL. Choose OPENSSL_ENCRYPT when you need to guarantee details of encryption, choose AES_ENCRYPT/AES_DECRYPT when performing both encryption and decryption within Tines for the best safety and features.

The output is an object with the ciphertext, the iv (if algorithm supports it), aad and auth_tag (if algorithm supports it). IV generation is handled via OpenSSL cryptographic random number generator using standard IV sized based on the algorithm provided. Values in the object are base64 encoded.

Arguments:

plaintext: The text to be encrypted.

algorithm: The algorithm to use, one of ["aes-128-cbc", "aes-256-cbc", "aes-256-gcm", "aes-256-ecb", "aes-128-ecb"] (recommended algorithm is aes-256-gcm)

key: The key to use for encryption. Note that each algorithm will require their own specific key sizes or an error will be raised.

aad: The 'additional authenticated data', which is unencrypted but will be authenticated when using a supported algorithm such as aes-256-gcm.

Returns an object with these keys:

encrypted: The ciphertext, base64 encoded.

iv: The IV if algorithm supports it. base64 encoded if present.

auth_tag: The authentication tag if using an AEAD algorithm such as aes-gcm-256, base64 encoded.