Symmetric Authenticated Encryption (AE) or Authenticated Encryption with Associated Data (AEAD)

You can do more in Symmetric Encryption (Cipher) and that is Symmetric Authenticated Encryption (AE) or Authenticated Encryption with Associated Data (AEAD) which simultaneously provides confidentiality, integrity, and authenticity assurances on the data. And this can be done in three ways

• Encrypt-and-MAC (as in SSH originally)
• MAC-then-Encrypt (as in TLSv1.0, v1.1, v1.2)
• Encrypt-then-MAC (as in IPSec and TLSv1.3)

The recommended way is Encrypt-then-MAC, because if the package is malicious, you first want to do MAC validation and then encrypt, not the other way around. What if ciphertext contains evil code?

Belows shows a sequence diagram of the Encrypt-then-MAC, not that the key below is symmetric. Which means this signature does NOT offer non-repudiation as in with asymmetric keys.

Recommended AEAD are: AES-GSM and AES-CCM.

Reference: https://en.wikipedia.org/wiki/Authenticated_encryption#Encrypt-then-MAC_(EtM)