...
This compliant solution uses the Advanced Encryption Standard (AES) algorithm in Galois/Counter Mode (GCM) to perform the encryption. GCM has the benefit of providing authenticity (integrity) in addition to confidentiality. The same secret key can be used to encrypt multiple messages in GCM mode, but it is very important that a different initialization vector (IV) be used for each message. The below encrypt_gcm method uses SecureRandom to generate a unique (with very high probability) IV for each message encrypted. Logically, the encrypt_gcm method produces a pair of (IV, ciphertext), which the decrypt_gcm method consumes. However, at the Java level, the encrypt_gcm method returns a single byte array that consists of the IV followed by the ciphertext, since in practice this is often easier to handle than a pair of byte arrays.
...