AES Encryption Tool
AES Encryption Knowledge
AES Algorithm Background
- Replaced DES as new encryption standard in 2001
- Rijndael algorithm selected through NIST competition
- Federal Information Processing Standard FIPS 197
Common Application Scenarios
- Government/military communications
- Financial transaction protection
- Enterprise sensitive document storage
- SSL/TLS network transmission
Operation Modes
Mode Comparison
| Mode | IV Required | Parallelism | Error Propagation |
|---|---|---|---|
| CBC | Yes | No | Block-level |
| CTR | Counter | Yes | None |
| GCM | Nonce | Yes | Authentication |
Padding Modes
| Mode | Standard | Scheme | Use Cases |
|---|---|---|---|
| PKCS#7 | RFC 5652 | Pad with n bytes of value n | General data |
| ZeroPadding | Industry | Pad with 0x00 bytes | Binary data |
| ISO/IEC 7816-4 | ISO Standard | 0x80 followed by 0x00 | Smart card apps |
Key Lengths
- Standard: 128/192/256 bits
- Selection Criteria:
- 128-bit: Commercial applications
- 256-bit: Government/military grade
- Compliance: NIST SP 800-131A
Security Considerations
- IV Management:
- CBC requires cryptographically secure random IV
- CTR counters must never repeat
- Key Derivation:
- Use PBKDF2-HMAC-SHA256
- ≥10,000 iterations recommended
- Authentication:
- Prefer GCM over CBC
- Avoid ECB mode