---
obj: concept
wiki: https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
---

# AES
The Advanced Encryption Standard (AES) is a widely adopted symmetric encryption algorithm used to secure sensitive data. It was established as a standard by the U.S. National Institute of Standards and Technology (NIST) in 2001, following a public competition to select a successor to the Data Encryption Standard (DES). AES is known for its efficiency, security, and versatility, making it a popular choice for various applications, including data encryption, secure communications, and cryptographic protocols.

## Key Features
### 1. **Symmetric Encryption**
AES is a symmetric encryption algorithm, meaning the same key is used for both encryption and decryption. This key is kept secret between the communicating parties.

### 2. **Block Cipher**
AES operates on fixed-size blocks of data, encrypting and decrypting data in blocks of 128 bits. It supports key sizes of 128, 192, or 256 bits.

### 3. **Key Expansion**
The key expansion process in AES generates a set of round keys derived from the original key. These round keys are used in the multiple rounds of encryption and provide a high level of security.

### 4. **Rounds of Encryption**
AES performs a series of transformations known as rounds. The number of rounds depends on the key size: 10 rounds for a 128-bit key, 12 rounds for a 192-bit key, and 14 rounds for a 256-bit key.

### 5. **Substitution-Permutation Network (SPN) Structure**
AES employs an SPN structure, combining substitution (replacing each byte with another) and permutation (rearranging bytes) operations to achieve confusion and diffusion, enhancing the algorithm's security.

## Encryption Process
1. **Key Expansion:** Generate a set of round keys from the original key.
2. **Initial Round:** Add the initial round key to the plaintext.
3. **Main Rounds:** Perform a series of substitution, permutation, and mixing operations for the specified number of rounds.
4. **Final Round:** The final round excludes the mixing operation.
5. **Output:** The result is the ciphertext.

## Decryption Process
1. **Key Expansion:** Generate the round keys from the original key.
2. **Initial Round:** Add the initial round key to the ciphertext.
3. **Main Rounds:** Perform the inverse operations of the encryption process in reverse order.
4. **Final Round:** The final round excludes the mixing operation.
5. **Output:** The result is the decrypted plaintext.

## Strengths of AES
- **Security:** AES has withstood extensive cryptanalysis and is considered highly secure when implemented correctly.
- **Efficiency:** It is computationally efficient and well-suited for both hardware and software implementations.
- **Versatility:** AES is used in various applications, including securing data at rest, data in transit, and cryptographic protocols like TLS.

## Variants of AES
- **AES-128:** Uses a 128-bit key and 10 rounds of encryption.
- **AES-192:** Uses a 192-bit key and 12 rounds of encryption.
- **AES-256:** Uses a 256-bit key and 14 rounds of encryption.

## Usage
One can use AES with [OpenSSL](OpenSSL.md) or [GPG](GPG.md):

### OpenSSL
Encrypt:
```shell
openssl enc -aes-256-cbc -salt -in plaintext.txt -out encrypted_file.enc
```

Decrypt:
```shell
openssl enc -aes-256-cbc -d -in encrypted_file.enc -out decrypted_file.txt
```

### GnuPG
Encrypt:
```shell
gpg -c --cipher-algo AES256 file.txt
```

Decrypt:
```shell
gpg -d file.txt.gpg -o decrypted_file.txt
```