The Advanced Encryption Standard (AES), also known by its original name Rijndael (Dutch pronunciation: [ˈrɛindaːl]), is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001.
AES is a subset of the Rijndael block cipher developed by two Belgian cryptographers, Vincent Rijmen and Joan Daemen, who submitted a proposal[5] to NIST during the AES selection process. Rijndael is a family of ciphers with different key and block sizes.
For AES, NIST selected three members of the Rijndael family, each with a block size of 128 bits, but three different key lengths: 128, 192 and 256 bits.
AES has been adopted by the U.S. government and is now used worldwide. It supersedes the Data Encryption Standard (DES), which was published in 1977. The algorithm described by AES is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data.
1 AES Encrypt and Decrypt
1.1 Encryption
The standard AES encryption method expects a password or key of exactly 128, 192 or 256 bits (16, 24 or 32 bytes). This key should be encoded in hexadecimal.
The second parameter is the init vector (16 bytes), also encoded in hexadecimal. The third parameter is the string or Object to encrypt.
Take care to use proper key and IV lengths. If they are wrong, the AES method will throw an exception.
String | encrypt(String password, String initVector, String data) |
String | encrypt(String password, String initVector, byte[] data) |
printf "%s" "Hello World!" | openssl enc -aes-256-cbc -e \
    -K "E4A38479A2349177EAE6038A018483318350E7F5430BDC8F82F1974715CB54E5" \
    -iv "629E2E1500B6BA687A385D410D5B08E3" \
    | /usr/bin/xxd -p
a5f8d2ba39878b5911cfb4f1d2dbe72b
<?php
$dataSha256 = "E4A38479A2349177EAE6038A018483318350E7F5430BDC8F82F1974715CB54E5";
$iv = "629E2E1500B6BA687A385D410D5B08E3";
$dataAuth = "Hello World!";
$encryptedData = openssl_encrypt($dataAuth, "AES-256-CBC", hex2bin($dataSha256), OPENSSL_RAW_DATA, hex2bin($iv));
echo "CRYPTED: " . bin2hex($encryptedData) . "\n\n";
CRYPTED: a5f8d2ba39878b5911cfb4f1d2dbe72b
<script>
    var conversor = new Ax.util.Hex();
    var aes = new Ax.crypt.AES();
    var encrypt = aes.encrypt("E4A38479A2349177EAE6038A018483318350E7F5430BDC8F82F1974715CB54E5",
                              "629E2E1500B6BA687A385D410D5B08E3",
                              "Hello World!");
    console.log(encrypt);
    console.log(conversor.encode(encrypt));
</script>
1.2 Decryption
The standard AES decryption method expects a password or key of exactly 128, 192 or 256 bits (16, 24 or 32 bytes) and an init vector of exactly 16 bytes, both encoded in hexadecimal.
You must supply the same key and IV that were used to encrypt the string.
byte[] | decrypt(String password, String initVector, Object data) |
byte[] | decrypt(byte[] password, byte[] initVector, Object data) |
openssl enc -aes-256-cbc -K E4A38479A2349177EAE6038A018483318350E7F5430BDC8F82F1974715CB54E5 -iv 629E2E1500B6BA687A385D410D5B08E3 -d -in text_ENCRYPTED -out text_DECRYPTED
<script>
    var aes = new Ax.crypt.AES();
    var encrypt = aes.encrypt("E4A38479A2349177EAE6038A018483318350E7F5430BDC8F82F1974715CB54E5",
                              "629E2E1500B6BA687A385D410D5B08E3",
                              "Hello World!");
    var decrypt = aes.decrypt("E4A38479A2349177EAE6038A018483318350E7F5430BDC8F82F1974715CB54E5",
                              "629E2E1500B6BA687A385D410D5B08E3",
                              encrypt);
    console.log(encrypt);
    console.log(decrypt);
</script>
00000000 A5 F8 D2 BA 39 87 8B 59 11 CF B4 F1 D2 DB E7 2B ....9..Y.......+
00000000 48 65 6C 6C 6F 20 57 6F 72 6C 64 21 Hello World!
2 AES Simplified Implementation
This class provides two static methods implementing a special AES implementation. This implementation can be used to encrypt and decrypt strings in a simplified way.
encrypt expects as parameters the key length (128, 192 or 256 bits), the secret password and the string to encrypt.
decrypt expects as parameters the secret password and an encrypted string.
The encryption process creates a real AES key from the secret password and also generates a salt key, using both for encryption. This method returns different encrypted data each time it is called, even when the same password and source data are used.
This is a Deister-specific implementation of the AES protocol and cannot be used as a standard encryption/decryption method.
<script>
    var source = "Hello World!";
    var crypted = Ax.crypt.AES.encrypt(256, "SecretPassword", source);
    var decoded = Ax.crypt.AES.decrypt("SecretPassword", crypted);
    console.log("source :" + source);
    console.log("secret :" + crypted);
    console.log("decoded:" + decoded);
</script>
source :Secret message
secret :IAJYnvf54mq0/hfGpV2IU+ccJoW2mRC2rqTaLDYKd0JDZosqLQzTAFeDK/Xxq4s/+qrcjxSjIVi8
decoded:Secret message
3 AES encryption example
The following example shows how to AES-encrypt a message, using a password to generate a 32-byte (256-bit) secret key and a 16-byte (128-bit) init vector.
The generated secret key and init vector are used as input for AES encrypt.
3.1 Encrypt
Code block for encryption
<script>
    // Generate a secret key and initialization vector based on input "code"
    // (code can be a document id, customer code, patient id, etc)
    function getAESPasswordPlusIV(key) {
        var password   = new Ax.crypt.Digest("SHA-256").update(key).digest();
        var secretKey  = new Ax.crypt.Digest("SHA-256").update(password.toUpperCase()).digest();
        var initVector = new Ax.crypt.Digest("MD5").update(secretKey.toUpperCase()).digest().toLowerCase();
        return {
            "secretKey"  : secretKey,
            "initVector" : initVector
        };
    }

    // Initialize crypt
    var code = "ABC123";
    var keys = getAESPasswordPlusIV(code);

    // Start encryption
    var message = "This is a secret message";
    var payload1 = new Ax.crypt.AES().encrypt(keys.secretKey, keys.initVector, message);
    new Ax.io.File("/tmp/secret.encrypted").write(Ax.util.Base64.mimeEncode(payload1));
    console.log(new Ax.io.File("/tmp/secret.encrypted").readString());
</script>
FADs/05XaWoZ2dkcJClnO/Z4bypK+2KVqLThMdIaWUQ=
3.2 Decrypt
Code block for decryption
<script>
    // Generate a secret key and initialization vector based on input "code"
    // (code can be a document id, customer code, patient id, etc)
    function getAESPasswordPlusIV(key) {
        var password   = new Ax.crypt.Digest("SHA-256").update(key).digest();
        var secretKey  = new Ax.crypt.Digest("SHA-256").update(password.toUpperCase()).digest();
        var initVector = new Ax.crypt.Digest("MD5").update(secretKey.toUpperCase()).digest().toLowerCase();
        return {
            "secretKey"  : secretKey,
            "initVector" : initVector
        };
    }

    // Initialize crypt
    var code = "ABC123";
    var keys = getAESPasswordPlusIV(code);

    // Start decryption
    var encrypted = new Ax.io.File("/tmp/secret.encrypted").readString();
    var payload1 = new Ax.crypt.AES().decrypt(keys.secretKey, keys.initVector, Ax.util.Base64.mimeDecode(encrypted));
    new Ax.io.File("/tmp/secret.decrypted").write(payload1);
    console.log(new Ax.io.File("/tmp/secret.encrypted").readString());
    console.log(new Ax.io.File("/tmp/secret.decrypted").readString());
</script>
This is a secret message
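In section 3, getAESPasswordPlusIV derives both the key and the init vector from the code, so every message encrypted under one code reuses the same IV, and in CBC mode two messages that start with the same 16 bytes get the same first ciphertext block. The following added example (Node.js crypto module, not the Ax API and not code from the original page) shows that effect next to a per-message random nonce with AES-256-GCM. deriveFixed, the sample messages and the nonce || tag || ciphertext layout are assumptions of this example.

```javascript
const crypto = require("crypto");

// Simplified stand-in for the page's getAESPasswordPlusIV(): key and IV are
// both pure functions of the code, so they never change between messages.
function deriveFixed(code) {
  const key = crypto.createHash("sha256").update(code).digest(); // 32 bytes
  const iv = crypto.createHash("md5").update(key).digest();      // 16 bytes
  return { key, iv };
}

function cbcEncrypt(key, iv, text) {
  const c = crypto.createCipheriv("aes-256-cbc", key, iv);
  return Buffer.concat([c.update(text, "utf8"), c.final()]);
}

// Alternative: a fresh random 12-byte nonce per message and AES-256-GCM, so
// repeated plaintexts encrypt differently and tampering is detected.
// Output layout (an assumption of this example): nonce || tag || ciphertext.
function gcmEncrypt(key, text) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", key, nonce);
  const ct = Buffer.concat([c.update(text, "utf8"), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), ct]);
}

function gcmDecrypt(key, blob) {
  const d = crypto.createDecipheriv("aes-256-gcm", key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]).toString("utf8");
}

// Constructed sample messages that share their first 16 bytes.
const { key, iv } = deriveFixed("ABC123");
const m1 = "Patient record: result negative";
const m2 = "Patient record: result positive";
function firstBlocksEqual() {
  return cbcEncrypt(key, iv, m1).subarray(0, 16)
    .equals(cbcEncrypt(key, iv, m2).subarray(0, 16));
}
function gcmOutputsDiffer() {
  return !gcmEncrypt(key, m1).equals(gcmEncrypt(key, m1));
}
console.log("fixed IV, equal first block:", firstBlocksEqual());
console.log("random nonce, outputs differ:", gcmOutputsDiffer());
console.log("round trip:", gcmDecrypt(key, gcmEncrypt(key, m1)));
```

The key here is still a plain hash of the code, kept only to isolate the IV behaviour; the nonce travels with the ciphertext and does not need to be secret.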