Editor | L
[Vulnerability 404] Learning Article
Network security requires our joint efforts
If you need to reprint, please contact the platform
Basic Concepts of AES
<strong><span><span>AES</span></span></strong> is a symmetric encryption algorithm, meaning that the same key is used for both encryption and decryption.
<span>AES</span> (<span>Advanced Encryption Standard</span>, the advanced encryption standard) is a widely used symmetric encryption algorithm, officially published by the National Institute of Standards and Technology (<span>NIST</span>) in <span>2001</span> to replace the earlier <span>DES</span> (<span>Data Encryption Standard</span>) algorithm. AES has become one of the cornerstones of modern cryptography due to its efficiency, security, and flexibility, and is applied in fields such as data transmission, storage encryption, and network security.
- Symmetric Encryption
- Encryption and decryption use the same key, which must be shared in advance by both parties in communication.
- Advantages: Fast encryption speed, suitable for processing large amounts of data.
- Disadvantages: Key distribution poses security risks (the key must be transmitted through a secure channel).
- Block Cipher
<span>AES</span>is a block cipher (<span>Block Cipher</span>), processing plaintext data in fixed-size<span> **128</span>bits (<span>16 bytes</span>) ** blocks.- Supported key lengths:
<strong><span>128 bits, 192 bits, 256 bits</span></strong>, corresponding to<span>AES-128, AES-192, AES-256.</span> - Number of encryption rounds: Depending on the key length, the number of rounds is as follows:
<span>AES-128</span>: 10 rounds<span>AES-192</span>: 12 rounds<span>AES-256</span>: 14 rounds
<span>AES</span> has specific requirements for the length of the key<span> (key)</span> and the initialization vector<span> (IV)</span>, which differ based on the key size of <span>AES </span> (128/192/256) and the encryption mode:
Key<span> (key)</span> Length Requirements
The key length of AES is determined by its “strength”; different strengths of AES require different key lengths:
<strong><span>AES-128</span></strong><span>: </span>The key must be<strong><span>16 bytes (128 bits)</span></strong><strong><span>AES-192</span></strong><span>: </span>The key must be<strong><span>24 bytes (192 bits)</span></strong><strong><span>AES-256</span></strong><span>: </span>The key must be<strong><span>32 bytes (256 bits)</span></strong>
For example:
<span>AES-128</span> (default mode), so the <span>key</span> in the code needs to be<span> 16</span> bytes; if it is not enough<span> 16</span> bytes, padding is required.
key = "12345678912345678".encode() # exactly 16 bytes, meets the requirement.
To use <span>AES-256</span>, the <span>key</span> in the code needs to be changed to<span> 32</span> bytes, for example:
key = "abcdefghijklmnopqrstuvwxyz123456".encode() # 32 bytes
Initialization Vector<span> (IV)</span> Length Requirements
<span>IV </span> length is related to the <span>AES </span> block size, and the block size of <span>AES</span> is fixed at<strong><span>128 </span></strong> bits (<strong><span>16 bytes</span></strong>), regardless of key length:
- Regardless of whether using
<span>AES-128</span>,<span>192 </span>or<span>256</span>, the length of<strong><span>IV</span></strong>must be<strong><span>16 bytes</span></strong>
Python Implementation of AES Encryption and Decryption
Installing the Encryption Library in Python
pip install pycryptodome
<span>AES</span> encryption is most commonly used in <span>CBC</span> mode and <span>ECB</span> mode, although there are many other modes, all of which belong to <span>AES</span> encryption. The difference between <span>ECB</span> mode and <span>CBC</span> mode is that <span>ECB</span> does not require an <span>iv</span> offset, while <span>CBC</span> does.
Common Encryption Modes
AES supports various encryption modes, among which the most common areECB and CBC:
- ECB Mode: No IV is required, but security is poor (the same plaintext block encrypts to the same result), not recommended for practical scenarios.
- CBC Mode: Requires IV, offers higher security, and is a common choice in practical applications.
Encryption Example (CBC Mode)
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad
import base64
# Original data
data = "123456" # Must be a multiple of 16
# data += (16 - len(data) % 16) * "\b"
data = pad(data.encode(), 16) # pad can help fill to 16 bytes
print("Padded data:::", data)
key = "1234567891234567".encode() # Must be 16 bytes # ecb defaults to 128 mode, so the key for 128 mode is 16 bytes
iv = "1234567891234567".encode() # Must be 16 bytes, also as above, because cbc requires XOR operation each time
aes = AES.new(key=key, mode=AES.MODE_CBC, iv=iv)
# Encrypt data based on aes algorithm object
encrypt_data = aes.encrypt(data)
print("encrypt_data:::", encrypt_data)
# Base64 encoding
b64encode_encrypt_data = base64.b64encode(encrypt_data)
print(b64encode_encrypt_data.decode())
# First encrypt, then base64 encode
#\x00o\x98\xd9\x1f\xd0\x85^p\x8f\x87y&S\xde\x1c

Notes
from Crypto.Cipher import AES # Import AES encryption library
from Crypto.Util.Padding import pad # Import padding library
import base64 # Import data encoding library
data = "123456" # Original plaintext data
data = pad(data.encode(), 16) # Directly using from Crypto.Util.Padding import pad to fill data, since 123456 is not enough 16 bytes, padding is needed
key = "asdfghjkl1234567".encode() # Must be 16 bytes, ecb defaults to 128 mode, so the key for 128 mode is 16 bytes
iv = "1234567890abcdef".encode() # Must be 16 bytes, also as above, because cbc requires XOR operation each time
aes = AES.new(key=key, mode=AES.MODE_CBC, iv=iv) # Store all encrypted data in aes variable
encrypt_data = aes.encrypt(data) # Encrypt data
print("encrypt_data:::", encrypt_data) # Output print content, the content is approximately: \x00o\x98\xd9\x1f\xd0\x85^p\x8f\x87y&S\xde\x1c
b64encode_encrypt_data = base64.b64encode(encrypt_data) # Use Base64 to encode the above data, if the above data \x00o\x98\xd9\x1f\xd0\x85^p\x8f\x87y&S\xde\x1c is not encoded, there are so many special characters, it is very likely to cause errors during data transmission
Decryption (CBC Mode)
import base64
from Crypto.Cipher import AES
from Crypto.Util.Padding import unpad
b64encode_encrypt_data = 'xgLoSNOCAk/rdfkLEEJahg==' # 1. Base64 decode
encrypt_data = base64.b64decode(b64encode_encrypt_data)
print("encrypt_data:", encrypt_data) # AES decryption
key = "1234567891234567".encode() # Must be 16 bytes
iv = "1234567891234567".encode() # Must be 16 bytes
aes = AES.new(key=key, mode=AES.MODE_CBC, iv=iv)
data = aes.decrypt(encrypt_data)
print("data:", data)
data = unpad(data, 16)
print("source data:", data.decode()) # Remove padding
The decryption steps are essentially a reverse parsing of the encryption.
import base64 # Import base64 decoding
from Crypto.Cipher import AES # Import AES encryption algorithm
from Crypto.Util.Padding import unpad # Import unpadding
b64encode_encrypt_data = 'AG+Y2R/QhV5wj4d5JlPeHA==' # Pass the encoded encrypted data to b64encode_encrypt_data
encrypt_data = base64.b64decode(b64encode_encrypt_data) # First decode the already Base64 encoded data
key = "asdfghjkl1234567".encode() # Place the key before encryption into key
iv = "1234567890abcdef".encode() # Place the IV before encryption into iv
aes = AES.new(key=key, mode=AES.MODE_CBC, iv=iv) # Prepare an encryption and decryption tool, clarifying what key to use, what rules to work by, and the initial conditions to work with, then this tool can be used to encrypt data
print("data:", data) # Output the decrypted data, but will also output the padding
print("source data:", data.decode()) # Remove padding content

<span>In the end, you can see that the ciphertext has been decrypted.</span>
<span>The final key point:</span>
AES is a symmetric encryption algorithm, meaning that the same key is used for both encryption and decryption.
If you want to learn more about network security knowledge
Please scan the QR code to follow the public account for more information

