What is AES?
AES (Advanced Encryption Standard) is a symmetric block cipher algorithm adopted by the U.S. government as the standard for encrypting classified information. It encrypts data in fixed-size blocks of 128 bits using keys of 128, 192, or 256 bits.
Quick Facts
| Full Name | Advanced Encryption Standard |
|---|---|
| Created | 2001 by NIST (algorithm by Daemen and Rijmen) |
| Specification | Official Specification |
How AES Works
AES was established by NIST in 2001 after a five-year selection process, replacing the older DES standard. The algorithm, originally called Rijndael, was designed by Belgian cryptographers Joan Daemen and Vincent Rijmen. AES operates on a 4x4 matrix of bytes called the state, applying multiple rounds of substitution, permutation, and mixing operations. AES-128 uses 10 rounds, AES-192 uses 12 rounds, and AES-256 uses 14 rounds. It's widely used in SSL/TLS, file encryption, VPNs, and secure messaging.
Key Characteristics
- Symmetric encryption (same key for encrypt/decrypt)
- Block cipher with 128-bit block size
- Key sizes: 128, 192, or 256 bits
- Fast in both hardware and software
- No known practical attacks against full AES
- U.S. government approved for classified data
Common Use Cases
- File and disk encryption
- SSL/TLS secure communication
- VPN tunneling
- Secure messaging apps
- Database encryption
Example
AES Encryption Modes:
ECB (Electronic Codebook) - Not recommended
CBC (Cipher Block Chaining) - Requires IV
CTR (Counter Mode) - Parallelizable
GCM (Galois/Counter Mode) - Authenticated encryption
AES-256-GCM Example (Node.js):
const crypto = require('crypto');
function encrypt(text, key) {
const iv = crypto.randomBytes(12);
const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
let encrypted = cipher.update(text, 'utf8', 'hex');
encrypted += cipher.final('hex');
const tag = cipher.getAuthTag();
return { iv, encrypted, tag };
}
Key Sizes:
AES-128: 16 bytes (128 bits) - 10 rounds
AES-192: 24 bytes (192 bits) - 12 rounds
AES-256: 32 bytes (256 bits) - 14 rounds
OpenSSL Command:
openssl enc -aes-256-cbc -salt -in file.txt -out file.enc