AES File Format

AES Crypt reads and writes file in the .aes file format. The file format is easily identifiable by software. To date, there are three versions of the .aes file format, which are numbered starting with version 0.

The current file format is version 2 and is shown below. The major enhancement to this version is the ability to have user-defined "tags" that may be inserted as plaintext into the encrypted file. These tags are inserted by AES Crypt or by other software that knows how to read and write the .aes file format. These tags are not encrypted so that they may be read or altered after the .aes file is created, without modifying the contents of the encrypted parts of the file or knowing the key required to decrypt the file. Tags should never be considered secure information. Click here to see a hex dump of a simple text file with the contents "Hello, World!" encrypted using AES Crypt.

V2 File Format


 3 Octets - 'AES'
 1 Octet  - 0x02 (Version)
 1 Octet  - Reserved (set to 0x00)
 .... Start of repeating extension block section
 2 Octet  - Length in octets (in network byte order) of an extension
            identifier and contents.  If 0x0000, then no further
            extensions exist and the next octet is the start of the
            Initialization Vector (IV).  Following an extension,
            this length indicator would appear again to indicate
            presence or absence of another extension and the size of
            any such extension.
nn Octets - Extension identifier.  This is either a URI or an
            identifier defined by the AES developer community and
            documented on the standard extensions page, either
            of which is terminated by a single 0x00 octet.  All
            extension identifiers are case sensitive.
              Examples of URIs:
                 http://www.aescrypt.com/extensions/creator/
                 urn:oid:1.3.6.1.4.1.17090.55.14
                 urn:uuid:85519EA3-1DA6-45b9-9041-8CD368D8C086
              Note:
                 A URI was used to allow anybody to define extension
                 types, though we should strive to define a standard
                 set of extensions.
              Examples of standard extension identifiers:
                 CREATED-DATE
                 CREATED-BY
            A special extension is defined that has no name, but is
            merely a "container" for extensions to be added after the
            AES file is initially created.  Such an extension avoids
            the need to read and re-write the entire file in order to
            add a small extension.  Software tools that create AES
            files should insert a 128-octet "container" extension,
            placing a 0x00 in the first octet of the extension
            identifier field.  Developers may then insert extensions
            into this "container" area and reduce the size of this
            "container" as necessary.  If larger extensions are added
            or the "container" area is filled entirely, then reading
            and re-writing the entire file would be necessary to add
            additional extensions.
nn Octets - The contents of the extension
.... End of repeating extension block section
16 Octets - Initialization Vector (IV) used for encrypting the
            IV and symmetric key that is actually used to encrypt
            the bulk of the plaintext file.
48 Octets - Encrypted IV and 256-bit AES key used to encrypt the
            bulk of the file
            16 octets - initialization vector
            32 octets - encryption key
32 Octets - HMAC
nn Octets - Encrypted message (2^64 octets max)
 1 Octet  - File size modulo 16 in least significant bit positions
32 Octets - HMAC

Thus, the footprint of the file is at least 134 octets.

File format is version 1 is no longer written by AES Crypt, though it does have the ability to read files in this format. Version 1 contains enhancements to allow the files to be produced in "streaming" mode, which is suitable for use with Linux as part of a backup process, for example, where the tar command is used and output is sent to AES Crypt as standard input (stdin). The other benefit to version 1 is faster password verification. The password entered by the user is used to encrypt an initialization vector (IV) and 32-octet (256-bit) encryption key, both of which are randomly created. The password can be verified immediately after checking the HMAC that protects this IV and key. The format for version 1 is shown below.

V1 File Format

 3 Octets - 'AES'
 1 Octet  - 0x01 (Version)
 1 Octet  - Reserved (set to 0x00)
16 Octets - Initialization Vector (IV) used for encrypting the
            IV and symmetric key that is actually used to encrypt
            the bulk of the plaintext file.
48 Octets - Encrypted IV and 256-bit AES key used to encrypt the
            bulk of the file
            16 octets - initialization vector
            32 octets - encryption key
32 Octets - HMAC
nn Octets - Encrypted message (2^64 octets max)
 1 Octet  - File size modulo 16 in least significant bit positions
32 Octets - HMAC

Thus, the footprint of the file is at least 134 octets.

Version 0 is no longer written by AES Crypt, though it does have the ability to read files in this format. The format for version 0 is shown below.

V0 File Format

 3 Octets - 'AES'
 1 Octet  - 0x00 (Version)
 1 Octet  - File size modulo 16 in least significant bit positions
16 Octets - Initialization Vector (IV)
nn Octets - Encrypted message (2^64 octets max)
32 Octets - HMAC

Thus, the footprint of the file is at least 53 octets.