AES (Advanced Encryption Standard) is a symmetric block cipher standardised by NIST. It has a fixed data block size of 16 bytes. Its keys can be 128, 192, or 256 bits long.
AES is implemented using the ESP32 hardware module.
from crypto import AES import crypto key = b'notsuchsecretkey' # 128 bit (16 bytes) key iv = crypto.getrandbits(128) # hardware generated random IV (never reuse it) cipher = AES(key, AES.MODE_CFB, iv) msg = iv + cipher.encrypt(b'Attack at dawn') # ... after properly sent the encrypted message somewhere ... cipher = AES(key, AES.MODE_CFB, msg[:16]) # on the decryption side original = cipher.decrypt(msg[16:]) print(original)
Create an AES object that will let you encrypt and decrypt messages.
The arguments are:
key(byte string) is the secret key to use. It must be 16 (AES-128), 24 (AES-192), or 32 (AES-256) bytes long.
modeis the chaining mode to use for encryption and decryption. Default is
IV(byte string) initialisation vector. Should be 16 bytes long. It is ignored in modes
counter(byte string) used only for
AES.MODE_CTR. Should be 16 bytes long. Should not be reused.
segment_sizeis the number of bits
ciphertextare segmented in. Is only used in
AES.MODE_CFB. Supported values are
Encrypt data with the key and the parameters set at initialisation.
Decrypt data with the key and the parameters set at initialisation.
AES.MODE_ECB: Electronic Code Book. Simplest encryption mode. It does not hide data patterns well (see this article for more info)
AES.MODE_CBC: Cipher-Block Chaining. An Initialisation Vector (IV) is required.
AES.MODE_CFB: Cipher feedback.
ciphertextare processed in segments of
segment_sizebits. Works a stream cipher.
AES.MODE_CTR: Counter mode. Each message block is associated to a counter which must be unique across all messages that get encrypted with the same key.
AES.SEGMENT_128: Length of the segment for
To avoid security issues, IV should always be a random number and should never be reused to encrypt two different messages. The same applies to the counter in CTR mode. You can use
crypto.getrandbits() for this purpose.