AES implementations

There are various implementations of the Advanced Encryption Standard, also known as Rijndael.

Libraries

AES speed at 128, 192 and 256-bit key sizes.^{[clarification needed]}

Rijndael is free for any use public or private, commercial or non-commercial. The authors of Rijndael used to provide a homepage^[1] for the algorithm. Care should be taken when implementing AES in software. Like most encryption algorithms, Rijndael was designed on big-endian systems. For this reason, little-endian systems return correct test vector results only through swapping bytes of the input and output words.

The algorithm operates on plaintext blocks of 16 bytes. Encryption of shorter blocks is possible only by padding the source bytes, usually with null bytes. This can be accomplished via several methods, the simplest of which assumes that the final byte of the cipher identifies the number of Null bytes of padding added.

Careful choice must be made in selecting the mode of operation of the cipher. The simplest mode encrypts and decrypts each 128-bit block separately. In this mode, called "electronic code book (ECB)", blocks that are identical will be encrypted identically, which is entirely insecure. This will make some of the plaintext structure visible in the ciphertext. Selecting other modes, such as empressing a sequential counter over the block prior to encryption (CTR mode) and removing it after decryption avoids this problem.

• Current list of FIPS 197 validated cryptographic modules (hosted by NIST)
• Current list of FIPS 140 validated cryptographic modules with validated AES implementations (hosted by NIST) - Most of these involve a commercial implementation of AES algorithms. Look for "FIPS-approved algorithms" entry in the "Level / Description" column followed by "AES" and then a specific certificate number.

C/ASM library

• BeeCrypt
• ccrypt
• OpenSSL
• GnuTLS
• PolarSSL (single header and source file implementation Source Code)
• Reference implementation and derived code
• Brian Gladman
• libtomcrypt used in Dropbear SSH client and server
• mcrypt
• ncrypt
• Microsoft CryptoAPI uses Cryptographic Service Providers to offer encryption implementations. The Microsoft AES Cryptographic Provider was introduced in Windows XP and can be used with any version of the Microsoft CryptoAPI[1].

C++ library

• Botan has implemented Rijndael since its very first release in 2001
• Crypto++ A comprehensive C++ semi-public-domain implementation of encryption and hash algorithms. FIPS validated

C# /.NET

• As of version 3.5 of the .NET Framework, the System.Security.Cryptography namespace contains both a fully managed implementation of AES and a managed wrapper around the CAPI AES implementation.
• Bouncy Castle Crypto Library

Java

• Java Cryptography Extension, integrated in the Java Runtime Environment since version 1.4.2 (see example code)
• IAIK JCE, (see features)
• Bouncy Castle Crypto Library

Python

• PyCrypto
• M2Crypto, a Python wrapper for OpenSSL
• Python AES
• NCrypt, a Python wrapper for OpenSSL built using Pyrex
• alo-aes
• pycryptopp, a set of Python wrappers for a few of the best crypto algorithms from the Crypto++ library
• SlowAES, slow but still useful when faster ones are not available
• pycrypt, a small Python program that encrypts or decrypts files using AES

Applications

Archive and compression tools

• 7z
• PeaZip
• PKZIP
• RAR
• WinZip
• Amanda Backup

File system

• Encrypting File System in Windows XP SP1 and later Windows versions. ^[2]

Disk encryption

• DiskCryptor
• BitLocker (part of "Enterprise" and "Ultimate" editions of Windows Vista and Windows 7 operating systems)
• FileVault (part of the Mac OS X operating system, and also the included Disk Utility makes AES-encrypted drive images)
• FreeOTFE
• GBDE
• Geli (software)
• LUKS
• TrueCrypt
• Crypt4000 (FIPS 140-2 certified disk encryption software by Secuware)
• Private Disk

File encryption

• gKrypt (AES on GPUs)
• kryptel
• NCrypt

Security for communications in Local Area Networks

• IEEE 802.11i, an amendment to the original IEEE 802.11 standard specifying security mechanisms for wireless networks, uses AES-128 in CCM mode.
• The ITU-T G.hn standard, which provides a way to create a high-speed (up to 1 Gigabit/s) Local area network using existing home wiring (power lines, phone lines and coaxial cables), uses AES-128 for encryption.

Miscellaneous

• GPG, GPL-licensed, includes AES, AES-192, and AES-256 as options.
• IPsec
• KeePass Password Safe
• IronKey Uses AES 128-bit and 256-bit CBC-mode hardware encryption
• OpenSSL includes AES cipher support as of version 0.9.7 (released in 2002) and is dual-licensed under the terms of the OpenSSL License and the original SSLeay license. FIPS validated via IBM
• Pidgin (software), has a plugin that allows for AES Encryption
• XFire uses AES-128, AES-192 and AES 256 to encrypt usernames and passwords
• CyaSSL includes AES cipher support YaSSL HomePage
• DataLockerUses AES 256-bit CBC and XTS mode hardware encryption
• Universal Metering Interface (UMI) an open standard, originally created by Cambridge Consultants for use in Smart Metering devices/systems and home automation, which uses AES-128 alongside ECC-256 for various security purposes.
• Linux kernel's Crypto API, now exposed to userspace

Hardware

Intel and AMD processors include the AES instruction set. On IBM zSeries mainframes, AES is implemented as the KM series of assembler opcodes when various Message Security Assist facilities are installed.

References

1. Original homepage and archived copy
2. Encrypting File System in Windows XP and Windows Server 2003