How to Use the AES Encryption Tool
Step 1 : Paste or type the text you want to encrypt in the input box. At top right of the input box, you can see the size of the text you have entered.
Step 2 : Provide the encryption key in the input box. Or you can generate a random key by clicking on the bits indicator button. The size of the key will be decided base on key size selected in below step. Make sure key length must be 16, 24, or 32 bytes. Save the key for decryption.
Step 3 : Select the key size in bits. You can select 128, 192, or 256 bits. The key size will decide the encryption strength.
Step 4 : Select output format. You can select HEX, Base64.
Step 4 :Select mode of AES encryption you want to use. You can select CBC, CFB, OFB, CTR.
Step 5 :Base on AES encryption mode you have selected, you will see extra options such as Inital Vector, Counter, Segment Size etc.
Step 6 :Click on the Encrypt button to encrypt the text. You will see the encrypted text in the output box. If paramters are not upto the mark, you will see the error message below of the output box.
When to use CBC
CBC (Cipher Block Chaining) mode is more secure than ECB mode. CBC mode requires an initialization vector (IV) to encrypt the data.
Area where CBC shine :
- Sequential Data Encryption: CBC relay on chaining, meaning each ciphertext block depends on previous block, Such as Netowkr packets
- Up To Date : Due to it's popularity and widely studied and used in many security protocols and APIs.
- Message Authentication : CBC mostly used for message authentication.
- Legacy System : Compare to other modes, CBC mostly accpected and used and due to that legacy system default uses this mode.
Area where CBC is not good :
- Padding Orcale Attacks : If not properly design the CBC then it's vulnerable to padding oracle attack
- No Parallelization : Since it's operation and strick on order base, meaning that each block depends on it's preview block.
- IV Management : For each encryption, we need new IV, making it chanllenging when dealing with random data is not readily present or data is in hight throughtput.
CBC mode is suitable for scenarios where preserving data order, security, and compatibility with legacy systems are important considerations. However, it's essential to be aware of its vulnerabilities and properly manage initialization vectors to ensure the security of encrypted data.
When to use CTR
CTR (Counte) requires an counter will be used for generate a stream of pseudo-random bits, which are then XORed with the plaintext to produce the ciphertext. The counter is typically a sequence of numbers, often starting from a random valu
Area where CTR shine :
- Random Access : This make CTR very unique apart of other modes, you can decrypt part of message wihtout decrypting whole message.
- Parallelization : Due to it's nature, using horizonal scaling you can decrypt/encrypt parallelly.
- Deterministic Encryption :Same plaintext can produce the same ciphertext.
Area where CTR is not good :
- Padding : CTR format does not need padding like other formats. However, if your application requires padding (for example, when encrypting variable length messages), you will need to use padding separately.
- Ability to reuse : Using the same counter value with the same key will lead to weak security. Therefore, it is important to ensure that the counter value does not repeat the same key.
- Not suitable for communication: Unlike CBC mode, CTR mode does not link blocks of ciphertext together. This means that if the same plaintext block is encrypted multiple times with the same counter value, the same ciphertext block will be created with the corresponding information.
Summary :
TO mode is designed for random access, parallelization, deterministic encryption, category stream encryption, and other scenarios that need to be considered. However, to ensure the security of the encryption process, it is important to first check the security vectors and not reuse the counter values.
When to use CFB
CFB (Password Feedback) mode is an alternative to block ciphers. Similar to other modes, CFB mode can be useful in some situations and not the best choice in others.
Area where CFB is not good :
- Stream Data Encryption : CFB format is useful for encrypting stream data whose length is unknown in advance. It allows one byte or bit of data to be encrypted, making it suitable for instant messaging protocol or data encryption.
- Error Reporting : The CFB format has error reporting, which means that a single error in the ciphertext will only affect the encryption of the piece of data and will not be exposed to subsequent blocks. This can be useful in some situations where error recovery is important.
- Adaptive bit length : CFB mode supports adaptive bit length, allowing encrypting plaintext of any length (including non-blocking bit length). This variant is useful in applications that need to encrypt variable length plaintext.
- Parallelization : The CFB format generally does not support parallel encryption and decryption of blocks. Each block ciphertext relies on the understanding of the previous block, limiting the path to parallelism, which can be a determining factor in job performance. **Initialization Vector (IV)
- Management : Like other formats, the CFB format requires an initialization vector (IV) for each encryption operation. Managing and securing resident IVs can be challenging, especially in systems with high data volumes or where arbitrary data is not readily available.
- Security Issues : There are some security issues with the CFB format, particularly with the need for an IV that is unpredictable and unique for each transaction. Reusing IVs can lead to drawbacks, such as using critical attacks.
- Padding : CFB format does not always support padding. If your application requires padding (for example, when encrypting variable length messages), you will need to use padding separately. It is important to consider the length or relationship to the legacy system. But the initial vectors must be carefully controlled and potentially affect the safety of this model.
In summary, the CFB format is designed for situations where data stream encryption, error reporting, long bit changes, or compatibility with legacy systems are decision-making critical. But the initial vectors must be carefully controlled and potentially affect the safety of this model.
When to use OFB
OFB (Output Feedback), the previous ciphertext block is encrypted and then XORed with the plaintext to create the current ciphertext. The encryption of the previous ciphertext block is used as input to encrypt the next plaintext block, creating a stream of pseudo-random ciphertext blocks. OFB mode is mainly used in the stream cipher class where each plaintext block can be encrypted independently.
Area where OFB shine :
- Stream-like Encryption : OFB turns a block cipher into a stream cipher. If you need to encrypt data in a streaming manner, where each plaintext block can be encrypted independently, OFB can be a good choice.
- Error propagation : An error in the ciphertext only affects the corresponding plaintext block and does not propagate to subsequent blocks. Therefore, OFB provides a good solution if exposure error is a problem.
- Random Access : OFB allows random access decryption; This means you can decrypt a block of ciphertext without decrypting the previous block.
- Low latency : OFB format generally has lower latency compared to other formats such as CBC (Cipher Block Merging), making it worth your time.
Area where OFB is not good :
- No integrity : OFB provides encryption but no integrity protection. If data integrity is important, you should provide Message Protocol (MAC) to the OFB or use cryptographic proof such as GCM (Gallois/Counter Mode).
- Replay attack : Since OFB does not provide integrity protection, replay attack is easy where the attacker can capture and replay the encrypted data.
- Size Limitation : OFB has a limit on the maximum number of devices that can be accessed using a single key. Once this limit is reached, a new vectorization (IV) affecting the application must be used.
- Parallelization limitations : OFB encryption cannot be easily parallelized because the combination of each block depends on the ciphertext of the previous block.
Summary :
In summary, use OFB when you need streaming quality encryption, error message control, uninterrupted access, or low latency. However, if data integrity, countermeasures, or comparisons are important, consider using other formats such as GCM or TO (counter) formats.
Choose Key Size
Factor involved in choosing key size :
- level of security
- available computational resources
- regulatory or compliance
- common usecases, if you don't have specifc requriement then 128 is mostly used
- it has low securtiy compare to other, but provides best performance compare to others
- high security compare to 128 bit, but need more computational power
- some regulatory set a standard to use 192 bit at specific places
- as level of bit increase, the security increase and 256 bit is more secure then others
- in case of cryptographic attacks, 256 bit provides good resistance compare to others
- used for most classfied and sensitive data and for that you have to pay with high computational power
Choose Output Format
Hex- Convert Binary bytes into hex decimal (0-9 and A-F)
- Use when you want to debug or test or log encrypted data
- Compare to base64, hex generate longer string
- Convert Binary byes into 64 printable ASCII characters
- Takes less space compare to Hex
- Use when you want to transmit or store encrypted data
- Compare to Hex, Base64 is less human readable