AES File Format
AES Crypt reads and writes file in the .aes file format. The file format is easily identifiable by software. To date, there are three versions of the .aes file format, which are numbered starting with version 0.
The current file format is version 2 and is shown below. The major enhancement to this version is the ability to have user-defined "tags" that may be inserted as plaintext into the encrypted file. These tags are inserted by AES Crypt or by other software that knows how to read and write the .aes file format. These tags are not encrypted so that they may be read or altered after the .aes file is created, without modifying the contents of the encrypted parts of the file or knowing the key required to decrypt the file. Tags should never be considered secure information. Click here to see a hex dump of a simple text file with the contents "Hello, World!" encrypted using AES Crypt.
3 Octets - 'AES'
1 Octet - 0x02 (Version)
1 Octet - Reserved (set to 0x00)
.... Start of repeating extension block section
2 Octet - Length in octets (in network byte order) of an extension
identifier and contents. If 0x0000, then no further
extensions exist and the next octet is the start of the
Initialization Vector (IV). Following an extension,
this length indicator would appear again to indicate
presence or absence of another extension and the size of
any such extension.
nn Octets - Extension identifier. This is either a URI or an
identifier defined by the AES developer community and
documented on the standard extensions page, either
of which is terminated by a single 0x00 octet. All
extension identifiers are case sensitive.
Examples of URIs:
http://www.aescrypt.com/extensions/creator/
urn:oid:1.3.6.1.4.1.17090.55.14
urn:uuid:85519EA3-1DA6-45b9-9041-8CD368D8C086
Note:
A URI was used to allow anybody to define extension
types, though we should strive to define a standard
set of extensions.
Examples of standard extension identifiers:
CREATED-DATE
CREATED-BY
A special extension is defined that has no name, but is
merely a "container" for extensions to be added after the
AES file is initially created. Such an extension avoids
the need to read and re-write the entire file in order to
add a small extension. Software tools that create AES
files should insert a 128-octet "container" extension,
placing a 0x00 in the first octet of the extension
identifier field. Developers may then insert extensions
into this "container" area and reduce the size of this
"container" as necessary. If larger extensions are added
or the "container" area is filled entirely, then reading
and re-writing the entire file would be necessary to add
additional extensions.
nn Octets - The contents of the extension
.... End of repeating extension block section
16 Octets - Initialization Vector (IV) used for encrypting the
IV and symmetric key that is actually used to encrypt
the bulk of the plaintext file.
48 Octets - Encrypted IV and 256-bit AES key used to encrypt the
bulk of the file
16 octets - initialization vector
32 octets - encryption key
32 Octets - HMAC
nn Octets - Encrypted message (2^64 octets max)
1 Octet - File size modulo 16 in least significant bit positions
32 Octets - HMAC
Thus, the footprint of the file is at least 134 octets.
File format is version 1 is no longer written by AES Crypt, though it does have the ability to read files in this format. Version 1 contains enhancements to allow the files to be produced in "streaming" mode, which is suitable for use with Linux as part of a backup process, for example, where the tar command is used and output is sent to AES Crypt as standard input (stdin). The other benefit to version 1 is faster password verification. The password entered by the user is used to encrypt an initialization vector (IV) and 32-octet (256-bit) encryption key, both of which are randomly created. The password can be verified immediately after checking the HMAC that protects this IV and key. The format for version 1 is shown below.
3 Octets - 'AES'
1 Octet - 0x01 (Version)
1 Octet - Reserved (set to 0x00)
16 Octets - Initialization Vector (IV) used for encrypting the
IV and symmetric key that is actually used to encrypt
the bulk of the plaintext file.
48 Octets - Encrypted IV and 256-bit AES key used to encrypt the
bulk of the file
16 octets - initialization vector
32 octets - encryption key
32 Octets - HMAC
nn Octets - Encrypted message (2^64 octets max)
1 Octet - File size modulo 16 in least significant bit positions
32 Octets - HMAC
Thus, the footprint of the file is at least 134 octets.
Version 0 is no longer written by AES Crypt, though it does have the ability to read files in this format. The format for version 0 is shown below.
3 Octets - 'AES'
1 Octet - 0x00 (Version)
1 Octet - File size modulo 16 in least significant bit positions
16 Octets - Initialization Vector (IV)
nn Octets - Encrypted message (2^64 octets max)
32 Octets - HMAC
Thus, the footprint of the file is at least 53 octets.