I’m planning to use the Vault transit secrets engine to do encryption using an aes256-gcm96 key.
https://learn.hashicorp.com/vault/encryption-as-a-service/eaas-transit shows some example ciphertext that might be returned by an encryption call:
Is the format of this ciphertext documented somewhere? Is it possible to parse this ciphertext into separate fields? Specifically, I’m interested in parsing out the initialization vector and the tag, but I would like to know what all of the fields are.
(I understand that the ciphertext from that example might not have been encrypted with an AES key. If the format of the ciphertext varies by key type, I’m specifically interested in the ciphertext format for AES keys. But I imagine that others might be interested in the ciphertext format for other key types.)