For some unknown reason this library is using a fixed nonce. This is bad as AES-GCM can be trivially broken if a nonce is ever reused with the same key (https://www.elttam.com/blog/key-recovery-attacks-on-gcm/).
I suggest the following: Remove all the nonce generation and saving logic in the keychain and all the custom nonce management code. AES.GCM.seal() will generate a random nonce if none is provided. The nonce does not need to be saved/generated/handled: AES.GCM.seal will serialize the nonce with the ciphertext in the combined representation and automatically read it back in the constructor: AES.GCM.SealedBox(combined: data). It is totally transparent to the user of the AES.GCM API.
Note: a key can be reused securely up to a certain extent with AES-GCM (IIRC 64Gb max per key), thus to have a really secure storage, a key rotation should be implemented.
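The following is an added example written for this issue, not code from the library or its author. It assumes Apple's CryptoKit (the framework whose AES.GCM.seal and AES.GCM.SealedBox(combined:) the issue refers to) and a 256-bit key held in memory rather than loaded from the keychain; the function names `encrypt`, `decrypt` and `insecureEncryptFixedNonce` and the sample plaintext are hypothetical. It shows the pattern the issue proposes: seal without passing a nonce so CryptoKit draws a fresh random one, ship the `combined` blob, and let `SealedBox(combined:)` recover the nonce on the way back. For contrast, it also shows how a fixed nonce makes encryption deterministic (equal plaintexts give byte-identical blobs), which is the observable symptom of the nonce reuse the issue warns about.

```swift
import Foundation
import CryptoKit

// Constructed for this example: a fresh in-memory key. In the library the
// key would come from the keychain; nothing else about it needs to change.
let key = SymmetricKey(size: .bits256)

/// Proposed pattern: no nonce argument, so AES.GCM.seal generates a random
/// 96-bit nonce internally. The caller never stores or tracks nonce state.
/// Returns the combined representation: nonce || ciphertext || tag.
func encrypt(_ plaintext: Data, using key: SymmetricKey) throws -> Data {
    let box = try AES.GCM.seal(plaintext, using: key)
    // `combined` is nil only for non-standard (not 12-byte) nonces, which a
    // CryptoKit-generated nonce never is; guard anyway instead of force-unwrapping.
    guard let combined = box.combined else {
        throw CryptoKitError.incorrectParameterSize
    }
    return combined
}

/// Inverse of `encrypt`. SealedBox(combined:) splits the blob back into
/// nonce, ciphertext and tag; open() verifies the tag and throws on tampering.
func decrypt(_ combined: Data, using key: SymmetricKey) throws -> Data {
    let box = try AES.GCM.SealedBox(combined: combined)
    return try AES.GCM.open(box, using: key)
}

/// Anti-pattern from the issue, kept only to show the symptom: a fixed nonce
/// makes AES-GCM deterministic, so identical plaintexts produce identical blobs.
func insecureEncryptFixedNonce(_ plaintext: Data, using key: SymmetricKey) throws -> Data {
    let fixedNonce = try AES.GCM.Nonce(data: Data(repeating: 0, count: 12)) // DO NOT DO THIS
    let box = try AES.GCM.seal(plaintext, using: key, nonce: fixedNonce)
    guard let combined = box.combined else {
        throw CryptoKitError.incorrectParameterSize
    }
    return combined
}

// Constructed sample input.
let secret = Data("account token".utf8)

// Proposed pattern: two seals of the same plaintext differ, because each call
// draws its own nonce, and both round-trip through decrypt.
let blob1 = try encrypt(secret, using: key)
let blob2 = try encrypt(secret, using: key)
precondition(blob1 != blob2, "random nonce per call: blobs must differ")
precondition(blob1.prefix(12) != blob2.prefix(12), "the first 12 bytes are the nonce")
let back1 = try decrypt(blob1, using: key)
let back2 = try decrypt(blob2, using: key)
precondition(back1 == secret && back2 == secret)

// Any modified byte (here the last tag byte) must fail authentication on open.
var tampered = blob1
tampered[tampered.index(before: tampered.endIndex)] ^= 0x01
do {
    _ = try decrypt(tampered, using: key)
    preconditionFailure("tampered blob must not decrypt")
} catch {
    print("tamper detected as expected: \(error)")
}

// Fixed-nonce anti-pattern: the two blobs are byte-for-byte identical, so an
// observer of the stored data learns when two records hold the same secret.
let fixed1 = try insecureEncryptFixedNonce(secret, using: key)
let fixed2 = try insecureEncryptFixedNonce(secret, using: key)
precondition(fixed1 == fixed2, "fixed nonce: encryption is deterministic")
print("random-nonce blobs differ; fixed-nonce blobs are identical")
```

Because `combined` already carries the nonce, the keychain entry only needs to hold the key; the per-record nonce bookkeeping the issue describes can be deleted outright rather than rewritten.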