diff --git a/Cargo.bazel.lock b/Cargo.bazel.lock index b49c8d23a30..60a0af3eac8 100644 --- a/Cargo.bazel.lock +++ b/Cargo.bazel.lock @@ -705,6 +705,7 @@ name = "direct-cargo-bazel-deps" version = "0.0.1" dependencies = [ "acpi", + "aead", "aes-gcm", "aml", "anyhow", diff --git a/Cargo.lock b/Cargo.lock index 8e88ca324bc..9da55c87b8d 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2614,6 +2614,7 @@ dependencies = [ name = "oak_crypto" version = "0.1.0" dependencies = [ + "aead", "aes-gcm", "anyhow", "async-trait", diff --git a/WORKSPACE b/WORKSPACE index 4d49ae596e1..a6ebdc764b4 100644 --- a/WORKSPACE +++ b/WORKSPACE @@ -399,6 +399,7 @@ crates_repository( lockfile = "//:cargo-bazel-lock.json", # Shares most contents with cargo_lockfile. packages = { "acpi": crate.spec(version = "*"), + "aead": crate.spec(version = "*"), "aes-gcm": crate.spec( default_features = False, features = [ diff --git a/cargo-bazel-lock.json b/cargo-bazel-lock.json index 2c18e826046..d06759828c0 100644 --- a/cargo-bazel-lock.json +++ b/cargo-bazel-lock.json @@ -1,5 +1,5 @@ { - "checksum": "c1ebf4c386191637042b041a412ef98947a11ed010d97b9808a43ef53467cddd", + "checksum": "452f3d48019e281e163f2eedbe30f2a65c93d237850779ef9383209df1373d78", "crates": { "acpi 5.0.0": { "name": "acpi", @@ -4311,6 +4311,10 @@ "id": "acpi 5.0.0", "target": "acpi" }, + { + "id": "aead 0.5.2", + "target": "aead" + }, { "id": "aes-gcm 0.10.3", "target": "aes_gcm" @@ -19296,6 +19300,7 @@ }, "direct_deps": [ "acpi 5.0.0", + "aead 0.5.2", "aes-gcm 0.10.3", "aml 0.16.4", "anyhow 1.0.81", diff --git a/oak_crypto/BUILD b/oak_crypto/BUILD index a137ea4e08e..347fea51136 100644 --- a/oak_crypto/BUILD +++ b/oak_crypto/BUILD @@ -33,6 +33,7 @@ rust_library( ], deps = [ "//oak_proto_rust", + "@oak_crates_index//:aead", "@oak_crates_index//:aes-gcm", "@oak_crates_index//:anyhow", "@oak_crates_index//:ecdsa", diff --git a/oak_crypto/Cargo.toml b/oak_crypto/Cargo.toml index 2cd45c0e5dd..0fe2b8a0abd 100644 --- a/oak_crypto/Cargo.toml 
+++ b/oak_crypto/Cargo.toml @@ -6,6 +6,7 @@ edition = "2021" license = "Apache-2.0" [dependencies] +aead = { version = "*", default-features = false } aes-gcm = { version = "*", default-features = false, features = [ "aes", "alloc", diff --git a/oak_crypto/src/encryptor.rs b/oak_crypto/src/encryptor.rs index 4cd84226698..0bed24edac2 100644 --- a/oak_crypto/src/encryptor.rs +++ b/oak_crypto/src/encryptor.rs @@ -20,6 +20,7 @@ use alloc::vec::Vec; +use aead::Payload; use anyhow::Context; use oak_proto_rust::oak::crypto::v1::{AeadEncryptedMessage, EncryptedRequest, EncryptedResponse}; @@ -31,6 +32,17 @@ use crate::{ }, }; +pub trait Encryptor { + fn encrypt<'msg, 'aad>( + &mut self, + plaintext: impl Into>, + ) -> anyhow::Result>; + fn decrypt<'msg, 'aad>( + &mut self, + ciphertext: impl Into>, + ) -> anyhow::Result>; +} + /// Encryptor object for encrypting client requests that will be sent to the /// server and decrypting server responses that are received by the client. Each /// Encryptor object corresponds to a single crypto session between the client
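Review bot: The new direct dependency `aead = { version = "*", default-features = false }` in oak_crypto/Cargo.toml is resolved independently of the copy `aes-gcm` already depends on, so nothing in the manifest ties `aead::Payload` to the `Payload` type the cipher implementation accepts. The lockfile hunks pin `aead 0.5.2` beside `aes-gcm 0.10.3` today, but with a wildcard requirement a later lock refresh could select a different major version, which would show up as a type mismatch in the crypto crate. `aes-gcm` re-exports the crate, so `use aes_gcm::aead::Payload;` in encryptor.rs would make the new dependency unnecessary, along with the matching WORKSPACE and BUILD entries. If the direct dependency is kept, a bounded requirement such as `version = "0.5"` keeps the two aligned.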
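Review bot: The new public `Encryptor` trait in the second encryptor.rs hunk has no doc comments, so its security contract is left for each implementer to guess. Neither `encrypt` nor `decrypt` takes a nonce, so implementations presumably derive it from internal state (which would explain `&mut self`). The trait docs should state that a nonce must never repeat under one key and that `decrypt` returns an error, never partial plaintext, when authentication of the ciphertext or associated data fails. I would add a summary such as `/// AEAD encryption with implementation-managed nonces; message and associated data are passed as a Payload.` and an `# Errors` section on each method. Separately, the `impl Into<…>` parameters make both methods generic, so the trait cannot be used as `dyn Encryptor`; if trait objects are intended, take the payload type directly.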