I am using AESGCM256 with a nonce of 96 bytes to store keys (very secret information). There are more than 500 keys, the only place where they can be stored in decrypted form is the application RAM.
Now, when the application is launched, the user enters one decryption key and a nonce for each key. This is very uncomfortable, all the nonce are stored separately from the database where the encrypted keys are stored.
Is it safe to store nonce next to encrypted text? For example - nonce + ciphertext . That is, if an attacker has gained access to encrypted data, will it be easier for him to decrypt the keys if he knows the nonce? If not, then why do all libraries separate the nonce from the ciphertext, and not concatenate it?
