AESCrypt: Rijndael encryption for shell scripts and Ruby.

AESCrypt is a program for encrypting/decrypting streams of data using Rijndael and Cipher Block Feedback mode (CFB-128).

Sourceforge project page:



aescrypt -k {keyfile} [-s 128|192|256]
aesget -k {keyfile} [-s 128|192|256]

Encrypt/decrypt stdin using the Advanced Encryption Standard winner "Rijndael" encryption algorithm in Cipher Block Feedback (stream) mode. Uses /dev/urandom to create a salt. Prepends the output stream with salt when encrypting, strips it off when decrypting.

Keyfile format:


where hexdits is:

32 chars for 128 bit
48 chars for 196 bits.
64 chars for 256 bits

Note that there may be other text in the file. But the key must be at start of a line, and must start with 'kk=', and must be hex.

If the key file is "-", it instead reads the hex-coded key bytes off stdin and treats them as a null-terminated hex key. Care must be taken when reading the key from stdin, as you must supply exactly 33 bytes for 128 bit keys, 49 bytes for 192 bit keys, and 65 bytes for 256 bit keys. The stdin functionality is useful in those cases where having the unencrypted key in a file is undesirable, but it is less forgiving in terms of key format.


  1. The keyfile is *NOT* encrypted.
  2. Now supports 192 and 256 bit keys! 128 bits is the default, so it is backward compatible with aescrypt versions not endowed with the -s option.
  3. Need a key generator! ( This should be a simple shell script -- use dd to grab some data, then md5sum to create a hex mix of that data, then 'awk' to grab the hex part of the output of md5sum ).
  4. Relies upon having /dev/urandom. See the Ocotillo PRNG if you don't have a /dev/urandom.
  5. This program was deliberately kept extremely simple. It is not intended to be a full encryption solution, it is intended to be used within scripts as part of a complete solution. Keychain management, public key signatures, etc. are all expected to be done external to this program.

Legal Notices

This software is a cryptographic component. It is not for export or redistribution to any of what are called the "T-10 Terrorist States" as detirmined by the U.S. Department of State. Please comply with this restriction so that this site is not forced to shut down.

December 15, 2000: Export reminder: I received a phone call today from a lady with the U.S. Bureau of Export Administration (BXA) who'd read my AEScrypt page (the URL of which I'd submitted to them for an export license exemption as required by U.S. export regulations, see for more info). aescrypt is of course Open Source. She wished to remind me that any application built using Open Source encryption components had to also be submitted to the BXA for the proper export license or license exemption if the application was to be exported. The export license for the component covers only the component, not applications that use the component. The fact that the component itself is Open Source and thus may be freely exported does not matter.

Hopefully this reminder will prevent problems on the part of those who use AEScrypt or other Open Source encryption components as part of a larger application.

Obtaining Source

The latest versions of this software is available only as source in the directories /pub/crypto/aescrypt and /pub/crypto/aes-rb (for the Ruby version) . Older versions are available on this web page.


./configure -prefix=/location/to/install
make install


AESCrypt was written by Eric Lee Green, and was modified to use Rijndael rather than Twofish by Randy Kaelber. Randy also added support for larger key sizes. AESCrypt is copyrighted by Enhanced Software Technologies Inc., but is released under a BSD-style Open Source license. See file LICENSE for info. The Ruby module is based upon the Rijndael routines in aescrypt, combined with the logic from twofish-py, and was written by Eric Lee Green. It is released under a BSD-style Open Source license, with the exception of a few sample programs, which are under the Ruby license.

Attribution information: This software includes Rijndael encryption routines by Antoon Bosselaers and Vincent Rijmen. They have stated that their routines are free for public use.


Eric Lee Green and Randy Kaelber


Done by VA Software's Source Forge service. When VA finally finishes going bankrupt, aescrypt will be self-hosted at the site "" (but don't bother going there yet, it's not going up until SourceForge goes kafloop).
Eric Lee Green
Last modified: Sept 17, 2002