72 lines
No EOL
3.4 KiB
Markdown
72 lines
No EOL
3.4 KiB
Markdown
---
|
|
obj: concept
|
|
wiki: https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
|
|
---
|
|
|
|
# AES
|
|
The Advanced Encryption Standard (AES) is a widely adopted symmetric encryption algorithm used to secure sensitive data. It was established as a standard by the U.S. National Institute of Standards and Technology (NIST) in 2001, following a public competition to select a successor to the Data Encryption Standard (DES). AES is known for its efficiency, security, and versatility, making it a popular choice for various applications, including data encryption, secure communications, and cryptographic protocols.
|
|
|
|
## Key Features
|
|
### 1. **Symmetric Encryption**
|
|
AES is a symmetric encryption algorithm, meaning the same key is used for both encryption and decryption. This key is kept secret between the communicating parties.
|
|
|
|
### 2. **Block Cipher**
|
|
AES operates on fixed-size blocks of data, encrypting and decrypting data in blocks of 128 bits. It supports key sizes of 128, 192, or 256 bits.
|
|
|
|
### 3. **Key Expansion**
|
|
The key expansion process in AES generates a set of round keys derived from the original key. These round keys are used in the multiple rounds of encryption and provide a high level of security.
|
|
|
|
### 4. **Rounds of Encryption**
|
|
AES performs a series of transformations known as rounds. The number of rounds depends on the key size: 10 rounds for a 128-bit key, 12 rounds for a 192-bit key, and 14 rounds for a 256-bit key.
|
|
|
|
### 5. **Substitution-Permutation Network (SPN) Structure**
|
|
AES employs an SPN structure, combining substitution (replacing each byte with another) and permutation (rearranging bytes) operations to achieve confusion and diffusion, enhancing the algorithm's security.
|
|
|
|
## Encryption Process
|
|
1. **Key Expansion:** Generate a set of round keys from the original key.
|
|
2. **Initial Round:** Add the initial round key to the plaintext.
|
|
3. **Main Rounds:** Perform a series of substitution, permutation, and mixing operations for the specified number of rounds.
|
|
4. **Final Round:** The final round excludes the mixing operation.
|
|
5. **Output:** The result is the ciphertext.
|
|
|
|
## Decryption Process
|
|
1. **Key Expansion:** Generate the round keys from the original key.
|
|
2. **Initial Round:** Add the initial round key to the ciphertext.
|
|
3. **Main Rounds:** Perform the inverse operations of the encryption process in reverse order.
|
|
4. **Final Round:** The final round excludes the mixing operation.
|
|
5. **Output:** The result is the decrypted plaintext.
|
|
|
|
## Strengths of AES
|
|
- **Security:** AES has withstood extensive cryptanalysis and is considered highly secure when implemented correctly.
|
|
- **Efficiency:** It is computationally efficient and well-suited for both hardware and software implementations.
|
|
- **Versatility:** AES is used in various applications, including securing data at rest, data in transit, and cryptographic protocols like TLS.
|
|
|
|
## Variants of AES
|
|
- **AES-128:** Uses a 128-bit key and 10 rounds of encryption.
|
|
- **AES-192:** Uses a 192-bit key and 12 rounds of encryption.
|
|
- **AES-256:** Uses a 256-bit key and 14 rounds of encryption.
|
|
|
|
## Usage
|
|
One can use AES with [OpenSSL](OpenSSL.md) or [GPG](GPG.md):
|
|
|
|
### OpenSSL
|
|
Encrypt:
|
|
```shell
|
|
openssl enc -aes-256-cbc -salt -in plaintext.txt -out encrypted_file.enc
|
|
```
|
|
|
|
Decrypt:
|
|
```shell
|
|
openssl enc -aes-256-cbc -d -in encrypted_file.enc -out decrypted_file.txt
|
|
```
|
|
|
|
### GnuPG
|
|
Encrypt:
|
|
```shell
|
|
gpg -c --cipher-algo AES256 file.txt
|
|
```
|
|
|
|
Decrypt:
|
|
```shell
|
|
gpg -d file.txt.gpg -o decrypted_file.txt
|
|
``` |