Index of /ProgramDocuments/aescrypt

      Name                    Last modified       Size  Description

[DIR] Parent Directory 09-Jan-2008 17:38 -



AESCrypt: Rijndael encryption for shell scripts.

This is a program for encrypting/decrypting streams of data using Rijndael and Cipher Block Feedback mode (CFB-128).

Sourceforge project page:



aescrypt -k {keyfile}
aesget -k {keyfile}

Encrypt/decrypt stdin using the Advanced Encryption Standard winner "Rijndael" encryption algorithm in Cipher Block Feedback (stream) mode. Uses /dev/urandom to create a salt. Prepends the output stream with salt when encrypting, strips it off when decrypting.

Keyfile format:

where hexdits is:

32 chars for 128 bit
48 chars for 196 bits.
64 chars for 256 bits

Note that there may be other text in the file. But the key must be at start of a line, and must start with 'kk=', and must be hex.

If the key file is "-", it instead reads the first 33 bytes off stdin and treats them as a null-terminated hex key. Using "-" limits you to 128-bit keys, but prevents having to put the key onto disk for those cases where you are using public key encryption to chat session keys for aescrypt and do not want the session key anywhere that it could get intercepted.


  1. The keyfile is *NOT* encrypted.
  2. Keysize = 128 bits, hard-coded at the moment, despite any documentation to the contrary. Need a "-s" option to specify key size, sigh.
  3. Need a key generator! ( This should be a simple shell script -- use dd to grab some data, then md5sum to create a hex mix of that data, then 'awk' to grab the hex part of the output of md5sum ).
  4. Relies upon having /dev/urandom. See the Ocotillo PRNG if you don't have a /dev/urandom.
  5. This program was deliberately kept extremely simple. It is not intended to be a full encryption solution, it is intended to be used within scripts as part of a complete solution. Keychain management, public key signatures, etc. are all expected to be done external to this program.

Legal Notices

This software is a cryptographic component. It is not for export or redistribution to any of what are called the "T-10 Terrorist States" as detirmined by the U.S. Department of State. Please comply with this restriction so that this site is not forced to shut down.

December 15, 2000: Export reminder: I received a phone call today from a lady with the U.S. Bureau of Export Administration (BXA) who'd read my AEScrypt page (the URL of which I'd submitted to them for an export license exemption as required by U.S. export regulations, see for more info). aescrypt is of course Open Source. She wished to remind me that any application built using Open Source encryption components had to also be submitted to the BXA for the proper export license or license exemption if the application was to be exported. The export license for the component covers only the component, not applications that use the component. The fact that the component itself is Open Source and thus may be freely exported does not matter.

Hopefully this reminder will prevent problems on the part of those who use AEScrypt or other Open Source encryption components as part of a larger application.

Obtaining Source

This software is available only as source:


./configure -prefix=/opt/brupro
make install


AESCrypt was written by Eric Lee Green, and was modified to use Rijndael rather than Twofish by Randy Kaelber. AESCrypt is copyrighted by Enhanced Software Technologies Inc., but is released under a BSD-style Open Source license. See file LICENSE for info.

Attribution information: This software includes Rijndael encryption routines by Antoon Bosselaers and Vincent Rijmen. They have stated that their routines are free for public use.


Done by VA Linux's Source Forge service.
Eric Lee Green
Last modified: Thu May 17 10:00:04 MST 2001