The Advanced Encryption Standard (AES), also known by its original name Rijndael (Dutch pronunciation: [ˈrɛindaːl]), is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001.

AES is a subset of the Rijndael block cipher developed by two Belgian cryptographers, Vincent Rijmen and Joan Daemen, who submitted a proposal[5] to NIST during the AES selection process. Rijndael is a family of ciphers with different key and block sizes.

For AES, NIST selected three members of the Rijndael family, each with a block size of 128 bits, but three different key lengths: 128, 192 and 256 bits.

AES has been adopted by the U.S. government and is now used worldwide. It supersedes the Data Encryption Standard (DES), which was published in 1977. The algorithm described by AES is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data.

1 AES Encrypt and Decrypt

1.1 Encryption

The standard AES encryption method expects a password or key of exactly 128, 192 or 256 bits (16, 24 or 32 bytes), encoded in hexadecimal. The second parameter is the init vector (16 bytes), also encoded in hexadecimal. The third parameter is the string or Object to encrypt.

Take care to use proper key and IV lengths. If they are not correct, the AES method will throw an exception.

String encrypt(String password, String initVector, String data)
String encrypt(String password, String initVector, byte[] data)

printf "%s" "Hello World!" | openssl enc -aes-256-cbc -e \
                                  -K "E4A38479A2349177EAE6038A018483318350E7F5430BDC8F82F1974715CB54E5" \
                                  -iv "629E2E1500B6BA687A385D410D5B08E3" \
                    | /usr/bin/xxd  -p
a5f8d2ba39878b5911cfb4f1d2dbe72b

<?php
$dataSha256 = "E4A38479A2349177EAE6038A018483318350E7F5430BDC8F82F1974715CB54E5";
$iv         = "629E2E1500B6BA687A385D410D5B08E3";
$dataAuth   = "Hello World!";

$encryptedData = openssl_encrypt($dataAuth, "AES-256-CBC", hex2bin($dataSha256), OPENSSL_RAW_DATA, hex2bin($iv));

echo "CRYPTED: " . bin2hex($encryptedData) . "\n\n";
CRYPTED: a5f8d2ba39878b5911cfb4f1d2dbe72b

<script>
    var conversor = new Ax.util.Hex();
    var aes = new Ax.crypt.AES();
    var encrypt = aes.encrypt("E4A38479A2349177EAE6038A018483318350E7F5430BDC8F82F1974715CB54E5", "629E2E1500B6BA687A385D410D5B08E3", "Hello World!");
    console.log(encrypt);
    console.log(conversor.encode(encrypt));
</script>

1.2 Decryption

The standard AES decryption method expects a password or key of exactly 128, 192 or 256 bits (16, 24 or 32 bytes) and an init vector of exactly 16 bytes, also encoded in hexadecimal. Use the same key and IV that were used to encrypt the string.

byte[] decrypt(String password, String initVector, Object data)
byte[] decrypt(byte[] password, byte[] initVector, Object data)

openssl enc -aes-256-cbc -K E4A38479A2349177EAE6038A018483318350E7F5430BDC8F82F1974715CB54E5 \
                         -iv 629E2E1500B6BA687A385D410D5B08E3 \
                         -d -in text_ENCRYPTED -out text_DECRYPTED

<script>
    var aes = new Ax.crypt.AES();
    var encrypt = aes.encrypt("E4A38479A2349177EAE6038A018483318350E7F5430BDC8F82F1974715CB54E5", "629E2E1500B6BA687A385D410D5B08E3", "Hello World!");
    var decrypt = aes.decrypt("E4A38479A2349177EAE6038A018483318350E7F5430BDC8F82F1974715CB54E5", "629E2E1500B6BA687A385D410D5B08E3", encrypt);
    console.log(encrypt);
    console.log(decrypt);
</script>
00000000 A5 F8 D2 BA 39 87 8B 59 11 CF B4 F1 D2 DB E7 2B ....9..Y.......+

00000000 48 65 6C 6C 6F 20 57 6F 72 6C 64 21             Hello World!

2 AES Simplified Implementation

This class provides two static methods that implement a special AES scheme. They can be used to encrypt and decrypt strings in a simplified way.

encrypt expects as parameters the key length (128, 192 or 256 bits), the secret password and the string to encrypt.

decrypt expects as parameters the secret password and an encrypted string.

The encryption process creates a real AES key from the secret password and also generates a salt, using both for encryption. This method returns different encrypted data each time it is called, even when the same password and source data are used.

This is a Deister-specific implementation of the AES protocol and cannot be used as a standard encryption/decryption method.

<script>
    var source  = "Secret message";
    var crypted = Ax.crypt.AES.encrypt(256, "SecretPassword", source);
    var decoded = Ax.crypt.AES.decrypt("SecretPassword", crypted);
    
    console.log("source :" + source);
    console.log("secret :" + crypted);
    console.log("decoded:" + decoded);
</script>
source :Secret message
secret :IAJYnvf54mq0/hfGpV2IU+ccJoW2mRC2rqTaLDYKd0JDZosqLQzTAFeDK/Xxq4s/+qrcjxSjIVi8
decoded:Secret message

3 AES encryption example

The following example shows how to AES-encrypt a message, using a password to generate a 32-byte (256-bit) secret key and a 16-byte (128-bit) init vector. The generated secret key and init vector are then used as input for AES encryption.

3.1 Encrypt

Code block for encryption

<script>
    // Generate a secret key and initialization vector based on input "code"
    // (code can be a document id, customer code, patient id, etc)
    function getAESPasswordPlusIV(key)
    {
    	var password   = new Ax.crypt.Digest("SHA-256").update(key).digest();
    	var secretKey  = new Ax.crypt.Digest("SHA-256").update(password.toUpperCase()).digest();
    	var initVector = new Ax.crypt.Digest("MD5").update(secretKey.toUpperCase()).digest().toLowerCase();
    	
    	return { "secretKey" : secretKey, "initVector" : initVector };
    }
    
    // Initialize crypt    
    var code       = "ABC123";
    var keys       = getAESPasswordPlusIV(code);

    // Start encryption
    var message    = "This is a secret message";
    var payload1   = new Ax.crypt.AES().encrypt(keys.secretKey, keys.initVector, message);
    new Ax.io.File("/tmp/secret.encrypted").write(Ax.util.Base64.mimeEncode(payload1));

    console.log(new Ax.io.File("/tmp/secret.encrypted").readString());
</script>
FADs/05XaWoZ2dkcJClnO/Z4bypK+2KVqLThMdIaWUQ=

3.2 Decrypt

Code block for decryption

<script>

    // Generate a secret key and initialization vector based on input "code"
    // (code can be a document id, customer code, patient id, etc)
    function getAESPasswordPlusIV(key)
    {
    	var password   = new Ax.crypt.Digest("SHA-256").update(key).digest();
    	var secretKey  = new Ax.crypt.Digest("SHA-256").update(password.toUpperCase()).digest();
    	var initVector = new Ax.crypt.Digest("MD5").update(secretKey.toUpperCase()).digest().toLowerCase();
    	
    	return { "secretKey" : secretKey, "initVector" : initVector };
    }

    // Initialize crypt    
    var code       = "ABC123";
    var keys       = getAESPasswordPlusIV(code);

    // Start decryption
    var encrypted  = new Ax.io.File("/tmp/secret.encrypted").readString();
    var payload1   = new Ax.crypt.AES().decrypt(keys.secretKey, keys.initVector, Ax.util.Base64.mimeDecode(encrypted));
    new Ax.io.File("/tmp/secret.decrypted").write(payload1);
    
    
    console.log(new Ax.io.File("/tmp/secret.encrypted").readString());
    console.log(new Ax.io.File("/tmp/secret.decrypted").readString());
</script>
This is a secret message
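
Because getAESPasswordPlusIV computes the init vector from the secret key, every message encrypted under one code uses the same key and IV. The following Node.js code is an added example, not Axional or Deister code; it compares AES-256-CBC output under such a fixed pair with a variant that uses a random IV per message. Assumptions: deriveFixed is a hypothetical stand-in with the same shape as the derivation above (not byte-compatible with Ax.crypt.Digest), and the two messages are constructed.

```javascript
const crypto = require("crypto");

// Assumed stand-in for the page's derivation: key = SHA-256(code), IV = MD5(key).
// Same shape (the IV is a function of the key), not byte-compatible with Ax.crypt.Digest.
function deriveFixed(code) {
  const key = crypto.createHash("sha256").update(code).digest();
  const iv = crypto.createHash("md5").update(key).digest();
  return { key, iv };
}

function cbcEncrypt(key, iv, text) {
  const c = crypto.createCipheriv("aes-256-cbc", key, iv);
  return Buffer.concat([c.update(text, "utf8"), c.final()]);
}

function cbcDecrypt(key, iv, data) {
  const d = crypto.createDecipheriv("aes-256-cbc", key, iv);
  return Buffer.concat([d.update(data), d.final()]).toString("utf8");
}

// Variant with a fresh random IV per message, stored in front of the ciphertext.
function encryptRandomIv(key, text) {
  const iv = crypto.randomBytes(16);
  return Buffer.concat([iv, cbcEncrypt(key, iv, text)]);
}

function decryptRandomIv(key, blob) {
  return cbcDecrypt(key, blob.subarray(0, 16), blob.subarray(16));
}

// Number of leading 16-byte blocks that two ciphertexts have in common.
function sharedBlocks(a, b) {
  const max = Math.floor(Math.min(a.length, b.length) / 16);
  let n = 0;
  while (n < max && a.subarray(n * 16, n * 16 + 16).equals(b.subarray(n * 16, n * 16 + 16))) n++;
  return n;
}

// Constructed sample messages: identical first 16 bytes, different second block.
const m1 = "Patient 0001234 result: NEGATIVE";
const m2 = "Patient 0001234 result: POSITIVE";
const { key, iv } = deriveFixed("ABC123");

// Fixed key and IV: the common first block is visible in the ciphertext.
console.log("fixed IV  :", sharedBlocks(cbcEncrypt(key, iv, m1), cbcEncrypt(key, iv, m2)));
// Random IV: compare the ciphertext parts only (skip the 16-byte IV prefix).
const r1 = encryptRandomIv(key, m1), r2 = encryptRandomIv(key, m2);
console.log("random IV :", sharedBlocks(r1.subarray(16), r2.subarray(16)));
console.log("round trip:", decryptRandomIv(key, r1) === m1);
```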