include::../description.adoc[]

== Noncompliant Code Example

[source,csharp]
----
public void encrypt(byte[] key, byte[] ptxt, byte[] ciphertext, byte[] tag)
{
    var nonce = Encoding.UTF8.GetBytes("7cVgr5cbdCZV"); // The initialization vector is a static value.

    using var cipher = new AesGcm(key);

    cipher.Encrypt(nonce, plaintext, ciphertext, tag); // Noncompliant
}
----

== Compliant Solution

[source,csharp]
----
public void encrypt(byte[] key, byte[] ptxt, byte[] ciphertext, byte[] tag)
{
    var nonce = new byte[AesGcm.NonceByteSizes.MaxSize];
    RandomNumberGenerator.Fill(nonce); // Random 96 bits nonc

    using var cipher = new AesGcm(key);

    cipher.Encrypt(nonce, plaintext, ciphertext, tag);
}
----

include::../see.adoc[]


ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::./message.adoc[]

include::./highlighting.adoc[]

endif::env-github,rspecator-view[]