AES Encryption/Decryption Cipher Mode: Padding: Key Size: Key: IV: Random Nonce: AssociatedData: Character Set: Format: (Encrypted format represents output, decrypted format represents input) Encrypt Decrypt ↕ Swap Description AES: Advanced Encryption Standard, also known as the Rijndael encryption method, is a standard designed to replace the original Data Encryption Standard (DES) with higher security. The AES algorithm uses fixed-length keys (128 bits, 192 bits, or 256 bits) to encrypt and decrypt data blocks, with the encryption and decryption processes based on matrix operations and byte substitutions. During encryption, the plaintext data is divided into groups of 16 bytes (128 bits), and if the data is less than 16 bytes, it will be padded with specific characters (such as PKCS7). Therefore, the ciphertext of the last segment may vary depending on the padding method used. Operation Modes CBC: Cipher Block Chaining, where plaintext is divided into fixed-size blocks and encrypted sequentially. Each block (group) is XORed with the encrypted data of the previous block before encryption. To ensure uniqueness of each message, the first data block is XORed with an initialization vector (IV) before encryption. CBC mode is a widely used encryption mode, but its main drawback is that encryption is sequential and cannot be parallelized. Like ECB, message blocks must be padded to a multiple of the block size. ECB: Electronic Codebook, the simplest encryption mode where plaintext messages are divided into fixed-size blocks, with each block encrypted separately. Each block is encrypted and decrypted independently using the same method, allowing for parallel processing. However, if one block is decrypted, all plaintext data can be decrypted using the same method, compromising security. Suitable for scenarios with minimal data, where plaintext data needs to be padded to a multiple of the block size. OFB: Output Feedback, which transforms block ciphers into stream ciphers, encrypting bit by bit or byte by byte. It uses an initialization vector (IV) as input to generate a key stream through a block cipher algorithm. The key stream is XORed with plaintext to produce ciphertext. OFB mode offers parallel processing and is suitable for real-time encryption and decryption. It does not require padding and can handle data of any length. Additional mechanisms are needed to ensure data integrity and authentication. CFB: Cipher Feedback, which divides data into bits rather than blocks, providing characteristics of stream cipher encryption for encrypting data of any length. It allows for bit-by-bit or byte-by-byte encryption and decryption without padding. Similar to CBC mode, the ciphertext of the previous block is XORed with the plaintext of the current block to generate the ciphertext for the current block. Therefore, CFB mode is sensitive to transmission errors and data loss as an error bit can affect subsequent encryption results. CTS: Cipher Text Stealing, used to address the problem of the last block length being insufficient in block cipher encryption. During encryption, if the last block length is insufficient, partial ciphertext blocks are used to pad the plaintext block before encryption. During decryption, if the last block length is insufficient, partial ciphertext blocks are used for decryption, followed by removing the padded portion, ensuring consistency in data length before and after encryption. CTR: Counter Mode, which transforms block ciphers into stream ciphers for encryption on a bit-by-bit or byte-by-byte basis. It uses a counter as input to generate a key stream through a block cipher algorithm. The key stream is XORed with plaintext to produce ciphertext. CTR mode offers parallel processing and is suitable for real-time encryption and decryption. It does not require padding and can handle data of any length. Additional mechanisms are needed to ensure data integrity and authentication. Padding Modes None: No padding PKCS7: Padding consists of a byte sequence, with each byte padded to the length of the byte sequence Zeros: Padding consists of bytes set to zero ANSIX923: Padding consists of a byte sequence, where the last byte of the sequence indicates the length and other bytes are filled with zeros ISO10126: Padding consists of a byte sequence, where the last byte of the sequence indicates the length and other bytes are filled with random data For block symmetric encryption algorithms, some operation modes require the byte length of plaintext data to be a multiple of the block size, so we must pad the plaintext data before encrypting it. Key(IV) Text Or Hex Text represents the text format and is encoded in UTF-8 before being converted to a byte[] array. Hex represents the hexadecimal format, and the input will be converted from a hexadecimal string to a byte[] array before encryption. Character Set and Format encryption instructions First Scenario, taking DES encryption as an example: select "Text" from the key dropdown, enter "12345678" as the Key, leave the IV empty; encrypt the string "中国abc". Choose character set "UTF-8". The encryption output is in hexadecimal format, select "Hex" from the format dropdown. The encrypted output result is "C886FF3D9DCB37FA1FA0EAD95889DF3E". View Example Another Scenario, still using DES encryption as an example: select "Text" from the key dropdown, enter "12345678" as the Key, leave the IV empty; encrypt hexadecimal data, for example [0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08]. Choose character set "Hex". The encryption output is in Base64 format, select "Base64" from the format dropdown. The encrypted output result is "up/vqMd1Eq4d/TFcc22l3Q==". View Example Character Set and Format decryption instructions First Scenario, using DES decryption as an example: select "Text" from the key dropdown, enter "12345678" as the Key, leave the IV empty; decrypt the hexadecimal string "C886FF3D9DCB37FA1FA0EAD95889DF3E". Therefore, select "Hex" from the format dropdown for decryption, and the data encoding after decryption is "UTF-8". Choose character set "UTF-8". The decrypted string is "中国abc". View Example Another Scenario, still using DES decryption as an example: select "Text" from the key dropdown, enter "12345678" as the Key, leave the IV empty; decrypt the Base64 string "up/vqMd1Eq4d/TFcc22l3Q==". Therefore, select "Base64" from the format dropdown for decryption, and there is no additional encoding after decryption, as it is hexadecimal data. Choose character set "Hex" (selecting "UTF-8" would result in garbled text). The final decrypted string is "0102030405060708". View Example 0 Comments 0 / 300 Submit The current system only supports comments from logged-in users, go to Login