AES implementations
There are various implementations of the Advanced Encryption Standard, also known as Rijndael.
Libraries
Rijndael is free for any use public or private, commercial or non-commercial. The authors of Rijndael used to provide a homepage for the algorithm. Care should be taken when implementing AES in software, in particular around side-channel attacks.The algorithm operates on plaintext blocks of 16 bytes. Encryption of shorter blocks is possible only by padding the source bytes, usually with null bytes. This can be accomplished via several methods, the simplest of which assumes that the final byte of the cipher identifies the number of null bytes of padding added.
Implementation Considerations
Careful choice must be made in selecting the mode of operation of the cipher. The simplest mode encrypts and decrypts each 128-bit block separately. In this mode, called electronic code book, blocks that are identical will be encrypted identically; this is entirely insecure. It makes some of the plaintext structure visible in the ciphertext. Selecting other modes, such as using a sequential counter over the block prior to encryption and removing it after decryption avoids this problem. Another mode, Cipher Block Chaining is one of the most commonly used modes of AES due to its use in TLS. CBC uses a random initialization vector to ensure that distinct ciphertexts are produced even when the same plaintext is encoded multiple times. The IV can be transmitted in the clear without jeopardizing security. A common practice is to prepend the 16 byte IV to the ciphertext, which gives the decrypter easy access to the IV. Care must be taken to use a new IV for every encryption operation, since otherwise an attacker can recover plaintext.- Current list of FIPS 197 validated cryptographic modules
- Current list of FIPS 140 validated cryptographic modules with validated AES implementations – Most of these involve a commercial implementation of AES algorithms. Look for "FIPS-approved algorithms" entry in the "Level / Description" column followed by "AES" and then a specific certificate number.
C/ASM library
- Libgcrypt
- wolfSSL
- GnuTLS
- Network Security Services
- OpenSSL
- LibreSSL
- BoringSSL
- mbed TLS
- axTLS
- Microsoft CryptoAPI uses Cryptographic Service Providers to offer encryption implementations. The Microsoft AES Cryptographic Provider was introduced in Windows XP and can be used with any version of the Microsoft CryptoAPI.
- Small portable AES128/192/256 in C
- A byte-oriented portable AES-256 implementation in C
- Solaris Cryptographic Framework offers multiple implementations, with kernel providers for hardware acceleration on x86 and on SPARC. It is available in Solaris and derivatives, as of Solaris 10.
- OpenAES portable C cryptographic library
- LibTomCrypt is a modular and portable cryptographic toolkit that provides developers with well known published block ciphers, one-way hash functions, chaining modes, pseudo-random number generators, public key cryptography and other routines.
- API for
- Compact implementation of AES-128 encryption in C, x86, AMD64, ARM32 and ARM64 assembly.
- Implementation for embedded 16-bit microcontroller
- AES code with optional support for Intel AES NI and VIA ACE by Dr. Brian Gladman.
C++ library
- Botan has implemented Rijndael since its very first release in 2001
- Crypto++ A comprehensive C++ public-domain implementation of encryption and hash algorithms. FIPS validated
C/CUDA library
- has implemented Rijndael on CUDA with its first release in 2012
C# /.NET
- As of version 3.5 of the .NET Framework, the System.Security.Cryptography namespace contains both a fully managed implementation of AES and a managed wrapper around the CAPI AES implementation.
- Bouncy Castle Crypto Library
Delphi
- Delphi Encryption Compendium has a cross platform capable AES implementation, among implementations of various other cryptographic algorithms
Go
- The package in standard library
Java
- Java Cryptography Extension, integrated in the Java Runtime Environment since version 1.4.2
- IAIK JCE
- Bouncy Castle Crypto Library
Python
- – The Python Cryptography Toolkit PyCrypto, extended in
- keyczar – Cryptography Toolkit keyczar
- M2Crypto – M2Crypto is the most complete OpenSSL wrapper for Python.
- – Python library which exposes cryptographic recipes and primitives.
- – Python binding for libSodium
JavaScript
- SJCL library – contains JavaScript implementations of AES in CCM, CBC, OCB and GCM modes
- AES-JS – portable JavaScript implementation of AES ECB and CTR modes
- Forge – JavaScript implementations of AES in CBC, CTR, OFB, CFB, and GCM modes
- asmCrypto – JavaScript implementation of popular cryptographic utilities with focus on performance. Supports CBC, CFB, CCM modes.
- pidCrypt – open source JavaScript library. Only supports the CBC and CTR modes.
Rust
- – Rust implementation.
LabVIEW
- – LabVIEW implementation.
Zig
- - Zig Standard Library. Includes hardware support for AES-NI on x86_64 and ARM AES Extensions on AArch64.
Applications
Archive and compression tools
File encryption
- Away RJN Cryptography uses Rijndael Algorithm 256-bit Data Blocks, Cipher Key and CTR for any and all Document or picture encryption in Windows only.
- Gpg4win
- Ncrypt
Encrypting file systems
- Most encrypting file systems use AES, e.g. NTFS
Disk / partition encryption
- BitLocker
- CipherShed
- DiskCryptor
- FileVault
- GBDE
- Geli (software)
- LibreCrypt
- LUKS
- Private Disk
- TrueCrypt
- VeraCrypt
Storage encryption
Security for communications in local area networks
- IEEE 802.11i, an amendment to the original IEEE 802.11 standard specifying security mechanisms for wireless networks, uses AES-128 in CCM mode.
- The ITU-T G.hn standard, which provides a way to create a high-speed local area network using existing home wiring, uses AES-128 for encryption.
Miscellaneous
- DataLocker Uses AES 256-bit CBC and XTS mode hardware encryption
- Get Backup Pro uses AES-128 and AES-256
- GPG, GPL-licensed, includes AES, AES-192, and AES-256 as options.
- IPsec
- IronKey Uses AES 128-bit and 256-bit CBC-mode hardware encryption
- KeePass Password Safe
- LastPass
- Linux kernel's Crypto API, now exposed to userspace
- supports AES 128/256 in CBC, ECB and CTR modes for file and folder encryption on the Windows platform.
- Pidgin (software), has a plugin that allows for AES Encryption
- Javascrypt Free open-source text encryption tool runs entirely in web browser, send encrypted text over insecure e-mail or fax machine.
- PyEyeCrypt Free open-source text encryption tool/GUI with user-selectable AES encryption methods and PBKDF2 iterations.
- Signal Protocol
- * Google Allo
- * Facebook Messenger
- * Signal
- * TextSecure
- SocialDocs file encryption uses AES256 to provide a free-online file encryption tool
- XFire uses AES-128, AES-192 and AES 256 to encrypt usernames and passwords
- Certain games and engines, such as the Rockstar Advanced Game Engine used in Grand Theft Auto IV, use AES to encrypt game assets in order to deter hacking in multiplayer.
Hardware
- x86-64 and ARM processors include the AES instruction set.
- On IBM zSeries mainframes, AES is implemented as the KM series of assembler opcodes when various Message Security Assist facilities are installed.
- SPARC S3 core processors include the AES instruction set, which is used with SPARC T4 and SPARC T5 systems.