Package etm provides a set of Encrypt-Then-MAC AEAD implementations, which combine block ciphers like AES with HMACs. An AEAD (Authenticated Encryption with Associated Data) construction provides a unified API for sealing messages in a way which provides both confidentiality *and* integrity. This not only prevents malicious tampering but also eliminates online attacks like padding oracle attacks which can allow an attacker to recover plaintexts without knowledge of the secret key (e.g., Lucky 13 attack, BEAST attack, etc.). By rejecting ciphertexts which have been modified, these types of attacks are eliminated. This package implements five proposed standards: All five constructions combine AES in CBC mode with an HMAC, but vary in the degree of security offered and the amount of overhead required. See http://tools.ietf.org/html/draft-mcgrew-aead-aes-cbc-hmac-sha2-02 for full technical details. AEAD_AES_128_CBC_HMAC_SHA_256 requires a 32-byte key, provides 128 bits of security for both confidentiality and integrity, and adds up to 56 bytes of overhead per message. AEAD_AES_192_CBC_HMAC_SHA_384 requires a 48-byte key, provides 192 bits of security for both confidentiality and integrity, and adds up to 64 bytes of overhead per message. AEAD_AES_256_CBC_HMAC_SHA_384 requires a 56-byte key, provides 256 bits of security for confidentiality, provides 192 bits of security for integrity, and adds up to 64 bytes of overhead per message. AEAD_AES_256_CBC_HMAC_SHA_512 requires a 64-byte key, provides 256 bits of security for both confidentiality and integrity, and adds up to 72 bytes of overhead per message. AEAD_AES_128_CBC_HMAC_SHA1 requires a 36-byte key, provides 128 bits of security for confidentiality, provides 96 bits of security for integrity, and adds up to 52 bytes of overhead per message. (This construction uses SHA-1, and should only be used when the use of SHA2 is not possible.)