AESFile Class
Properties Methods Events Config Settings Errors
The AESFile class implements the AESF file format and uses the XTS-AES standard with 256-bit encryption.
Syntax
ipworksencrypt.aesfile()
Remarks
The AESFile component provides robust encryption capabilities to securely store and retrieve data using XTS-AES 256-bit encryption. This component implements the AESF file format, enabling developers to encrypt arbitrary data and serialize it in a standardized manner.
The first step in using the component is to set Password property. Specify the input data using InputFile or InputMessage. Next, call Encrypt and the component will encrypt the input data and populate OutputMessage, or write to the file specified by OutputFile with the result.
To change the password of existing file encrypted in AESF format, or to encrypt a file under a different password call ChangePassword. To decrypt data, first set Password property. Specify the input data using InputFile or InputMessage. Next, call Decrypt and the component will compute the plaintext and populate OutputMessage or write to OutputFile with the result.
AES File Format
The AES file format used by AES Drive is documented below in detail. All algorithms used by AES Drive are standards and publicly documented.
Each encrypted file consists of a header and the encrypted contents. The header is 144 bytes in length and contains the AES file format version, a checksum of the header bytes, and the encrypted file-specific key and padding length. The original file data is encrypted using XTS-AES with file-specific keys that are derived from a master key for the drive.
4 bytes [0-3] | AESF. This is a file signature value which indicates the file is formatted according to this specification. | ||||||||
1 byte [4] | 0x01. This is the file format version. This documentation defines the format for version 1. | ||||||||
2 bytes [5-6] | Build number of the application used to create the file. These two bytes represent a 16-bit integer holding the build number of AES Drive that created the file. This field is informational only. Byte 5 holds the high-order bits and byte 6 holds the low-order bits. To decode these bytes into the build number the following code may be used:
int buildNumber = headerBytes[5] << 8 | headerBytes[6];
| ||||||||
5 bytes [7-11] | 0x00. Reserved for future use. | ||||||||
4 bytes [12-15] | CRC32 checksum. The CRC32 checksum is calculated by first replacing these 4 bytes with 0x00 then computing the checksum over the 144 byte header. The resulting numeric value is converted into 4 bytes using the operation:
| ||||||||
16 bytes [16-31] | Global salt value. The global salt value is a random value created when the drive is created and used when encrypting newly created files within the drive. It is used when deriving the key to decrypt the encrypted header portion. See the section below for details about the encrypted header portion. | ||||||||
16 bytes [32-47] | File-specific salt value. The file-specific salt value is a random value created when the file is created. It is used when deriving the key to decrypt the encrypted header portion. See the section below for details about the encrypted header portion. | ||||||||
80 bytes [48-127] | AES-GCM encrypted header portion. The steps to derive the key to decrypt the encrypted header portion are as follows:
The derived Key and IV are used together with the AES-GCM Auth Tag which are the last 16 bytes of the 144 byte header to AES-GCM decrypt the 80 byte encrypted header portion. The decrypted header portion contains:
| ||||||||
16 bytes [128-143] | AES-GCM auth tag. This auth tag is used when decrypting the previous 80 byte encrypted header portion. | ||||||||
nn bytes | The XTS-AES 256 encrypted file content. The data unit size is 512 bytes. The first 32 bytes of the file-specific encryption key from the decrypted header is the first key. The last 32 bytes of the file-specific encryption key from the decrypted header is the second key. | ||||||||
512 bytes |
The last 512 bytes of the encrypted file contain encrypted padding bytes and additional unencrypted random bytes. When encrypting, the last plaintext block of data may be padded with random bytes as needed to reach 512 bytes in length (the data unit size). The padding length is encrypted and stored in the encrypted header portion. Once the data is encrypted additional random bytes are appended to the end of the encrypted file so that the padding bytes plus additional random bytes together are 512 bytes in length. For instance if the padding is 100 bytes in length, then 412 additional bytes will be appended to the encrypted data to reach a total of 512 bytes. This scheme allows applications to easily determine the length of the decrypted file without having to first decrypt the encrypted header portion to obtain the padding length. The decrypted file length can be computed like so:
When decrypting, the padding length is determined from the encrypted header. The number of additional random bytes is 512 minus the padding length. The additional random bytes are discarded before using XTS-AES to decrypt the file content. After decrypting the file content, the padding bytes in the decrypted content are discarded.
|
Property List
The following is the full list of the properties of the class with short descriptions. Click on the links for further details.
GlobalSalt | The additional random data to compute encryption keys. |
InputFile | The file to process. |
InputMessage | The message to process. |
OutputFile | The output file when encrypting or decrypting. |
OutputMessage | The output message after processing. |
Overwrite | Indicates whether or not the class should overwrite files. |
Password | The password to be used to calculate encryption and decryption keys. |
Salt | The additional random data included in the file header. |
Version | The AESF file format version number. |
Method List
The following is the full list of the methods of the class with short descriptions. Click on the links for further details.
ChangePassword | Changes the password for the specified file. |
Config | Sets or retrieves a configuration setting. |
Decrypt | Decrypts the data. |
Encrypt | Encrypts the data. |
Reset | Resets the class. |
Event List
The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.
Error | Fired when information is available about errors during data delivery. |
Log | Fires with log information during processing. |
Progress | Fired as progress is made. |
Config Settings
The following is a list of config settings for the class with short descriptions. Click on the links for further details.
BuildNumber | The build number of the encrypted data. |
LogLevel | Specifies the level of detail that is logged. |
WriteToProgressEvent | Whether to write output data so it is accessible from inside the progress event. |
BuildInfo | Information about the product's build. |
CodePage | The system code page used for Unicode to Multibyte translations. |
LicenseInfo | Information about the current license. |
MaskSensitiveData | Whether sensitive data is masked in log messages. |
UseInternalSecurityAPI | Whether or not to use the system security libraries or an internal implementation. |
AESFile.GlobalSalt Property
The additional random data to compute encryption keys.
Syntax
getGlobalSalt(): Uint8Array; setGlobalSalt(globalSalt: Uint8Array): void;
Default Value
""
Remarks
This is an optional property and will be populated when Decrypt is called. When this property is set, it will provide additional randomness to encryption. The length of the salt must be 16 bytes.
The global salt will be used during generation of a key and IV. It can optionally be set before calling the Encrypt method. It is recommended to use a unique and randomly generated value. If it is not set, then the class will generate a value automatically.
AESFile.InputFile Property
The file to process.
Syntax
getInputFile(): string; setInputFile(inputFile: string): void;
Default Value
""
Remarks
This property specifies the file to be processed. Set this property to the full or relative path to the file which will be processed.
Input and Output Properties
The class will determine the source and destination of the input and output based on which properties are set.
The order in which the input properties are checked is as follows:
- InputFile
- InputMessage
When a valid source is found, the search stops. The order in which the output properties are checked is as follows:
- OutputFile
- OutputMessage: The output data is written to this property if no other destination is specified.
AESFile.InputMessage Property
The message to process.
Syntax
getInputMessage(): Uint8Array; setInputMessage(inputMessage: Uint8Array): void;
Default Value
""
Remarks
This property specifies the message to be processed.
Input and Output Properties
The class will determine the source and destination of the input and output based on which properties are set.
The order in which the input properties are checked is as follows:
- InputFile
- InputMessage
When a valid source is found, the search stops. The order in which the output properties are checked is as follows:
- OutputFile
- OutputMessage: The output data is written to this property if no other destination is specified.
AESFile.OutputFile Property
The output file when encrypting or decrypting.
Syntax
getOutputFile(): string; setOutputFile(outputFile: string): void;
Default Value
""
Remarks
This property specifies the file to which the output will be written when Encrypt or Decrypt is called. This may be set to an absolute or relative path.
This property is only applicable to Encrypt and Decrypt.
Input and Output Properties
The class will determine the source and destination of the input and output based on which properties are set.
The order in which the input properties are checked is as follows:
When a valid source is found, the search stops. The order in which the output properties are checked is as follows:
- OutputFile
- OutputMessage: The output data is written to this property if no other destination is specified.
AESFile.OutputMessage Property
The output message after processing.
Syntax
getOutputMessage(): Uint8Array;
Default Value
""
Remarks
This property will be populated with the output from the operation if OutputFile is not set.
Input and Output Properties
The class will determine the source and destination of the input and output based on which properties are set.
The order in which the input properties are checked is as follows:
When a valid source is found, the search stops. The order in which the output properties are checked is as follows:
- OutputFile
- OutputMessage: The output data is written to this property if no other destination is specified.
This property is read-only and not available at design time.
AESFile.Overwrite Property
Indicates whether or not the class should overwrite files.
Syntax
isOverwrite(): boolean; setOverwrite(overwrite: boolean): void;
Default Value
FALSE
Remarks
This property indicates whether or not the class will overwrite OutputFile. If Overwrite is False, an error will be thrown whenever OutputFile exists before an operation. The default value is False.
AESFile.Password Property
The password to be used to calculate encryption and decryption keys.
Syntax
getPassword(): string; setPassword(password: string): void;
Default Value
""
Remarks
When this property is set the class will use PBKDF2 to derive an XTS master key. This must be set before calling Encrypt or Decrypt.
While there are no strict format or length requirements, it is recommended to use complex passwords. Once set, the password is transformed and never held in plaintext in memory.
AESFile.Salt Property
The additional random data included in the file header.
Syntax
getSalt(): Uint8Array; setSalt(salt: Uint8Array): void;
Default Value
""
Remarks
This property is optional and will be populated when Decrypt is called. When this property is set it will provide additional randomness to encryption at the file level. The length of the salt must be 16 bytes.
The salt will be used within each file as input to encryption. It can optionally be set before calling the Encrypt method. It is recommended to use a unique and randomly generated value. If it is not set, then the class will generate a value automatically.
AESFile.Version Property
The AESF file format version number.
Syntax
getVersion(): number; setVersion(version: number): void;
Default Value
1
Remarks
This property will be populated when Decrypt is called. Possible values are:
1 (v1 - Default) |
AESFile.changePassword Method
Changes the password for the specified file.
Syntax
async aesfile.changePassword(path : string, oldPassword : string, newPassword : string): Promise<void>
Remarks
ChangePassword is optional and allows you to update the password used to encrypt an AESF file. This securely changes the password, ensuring that the file remains protected with the new password.
AESFile.config Method
Sets or retrieves a configuration setting.
Syntax
async aesfile.config(configurationString : string): Promise<string>
Remarks
Config is a generic method available in every class. It is used to set and retrieve configuration settings for the class.
These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the Config method.
To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).
To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.
AESFile.decrypt Method
Decrypts the data.
Syntax
async aesfile.decrypt(): Promise<void>
Remarks
This method will decrypt the specified data. The Password property is required.
Input and Output Properties
The class will determine the source and destination of the input and output based on which properties are set.
The order in which the input properties are checked is as follows:
When a valid source is found, the search stops. The order in which the output properties are checked is as follows:
- OutputFile
- OutputMessage: The output data is written to this property if no other destination is specified.
AESFile.encrypt Method
Encrypts the data.
Syntax
async aesfile.encrypt(): Promise<void>
Remarks
This method will encrypt the specified data. The following properties are applicable:
- Password (required)
- GlobalSalt
- Version
Input and Output Properties
The class will determine the source and destination of the input and output based on which properties are set.
The order in which the input properties are checked is as follows:
When a valid source is found, the search stops. The order in which the output properties are checked is as follows:
- OutputFile
- OutputMessage: The output data is written to this property if no other destination is specified.
AESFile.reset Method
Resets the class.
Syntax
async aesfile.reset(): Promise<void>
Remarks
When called, the class will reset all of its properties to their default values.
AESFile.Error Event
Fired when information is available about errors during data delivery.
Syntax
aesfile.on('Error', listener: (e: {readonly errorCode: number, readonly description: string}) => void )
Remarks
The Error event is fired in case of exceptional conditions during message processing. Normally the class .
The ErrorCode parameter contains an error code, and the Description parameter contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.
AESFile.Log Event
Fires with log information during processing.
Syntax
aesfile.on('Log', listener: (e: {readonly logLevel: number, readonly message: string, readonly logType: string}) => void )
Remarks
This event fires during processing with log information. The level of detail that is logged is controlled via the LogLevel.
LogLevel indicates the level of message. Possible values are:
0 (None) | No events are logged. |
1 (Info - default) | Informational events are logged. |
2 (Verbose) | Detailed data is logged. |
3 (Debug) | Debug data is logged. |
LogMessage is the log entry.
LogType indicates the type of log. Possible values are:
- "INFO"
- "ENCRYPT"
- "COMPRESS"
- "SIGN"
- "DECRYPT"
- "DECOMPRESS"
- "VERIFY"
- "DEBUG"
AESFile.Progress Event
Fired as progress is made.
Syntax
aesfile.on('Progress', listener: (e: {readonly data: string, readonly dataB: Uint8Array, readonly filename: string, readonly bytesProcessed: number, readonly percentProcessed: number}) => void )
Remarks
This event is fired automatically as data is encrypted or decrypted by the class. When WriteToProgressEvent is true, the output data is provided through the Data parameter, allowing for it to be streamed out.
Filename contains the name of the file being written. If no file is being written, Filename will contain an empty string, and the output data will be provided exclusively through this event.
The PercentProcessed parameter indicates the current status of the operation.
The BytesProcessed parameter holds the total number of bytes processed so far.
Config Settings (class ipworksencrypt.aesfile)
The class accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the Config method.AESFile Config Settings
0 (None) | No events are logged. |
1 (Info - default) | Informational events are logged. |
2 (Verbose) | Detailed data is logged. |
3 (Debug) | Debug data is logged. |
By default, this config is set to false.
Base Config Settings
The following is a list of valid code page identifiers:
Identifier | Name |
037 | IBM EBCDIC - U.S./Canada |
437 | OEM - United States |
500 | IBM EBCDIC - International |
708 | Arabic - ASMO 708 |
709 | Arabic - ASMO 449+, BCON V4 |
710 | Arabic - Transparent Arabic |
720 | Arabic - Transparent ASMO |
737 | OEM - Greek (formerly 437G) |
775 | OEM - Baltic |
850 | OEM - Multilingual Latin I |
852 | OEM - Latin II |
855 | OEM - Cyrillic (primarily Russian) |
857 | OEM - Turkish |
858 | OEM - Multilingual Latin I + Euro symbol |
860 | OEM - Portuguese |
861 | OEM - Icelandic |
862 | OEM - Hebrew |
863 | OEM - Canadian-French |
864 | OEM - Arabic |
865 | OEM - Nordic |
866 | OEM - Russian |
869 | OEM - Modern Greek |
870 | IBM EBCDIC - Multilingual/ROECE (Latin-2) |
874 | ANSI/OEM - Thai (same as 28605, ISO 8859-15) |
875 | IBM EBCDIC - Modern Greek |
932 | ANSI/OEM - Japanese, Shift-JIS |
936 | ANSI/OEM - Simplified Chinese (PRC, Singapore) |
949 | ANSI/OEM - Korean (Unified Hangul Code) |
950 | ANSI/OEM - Traditional Chinese (Taiwan; Hong Kong SAR, PRC) |
1026 | IBM EBCDIC - Turkish (Latin-5) |
1047 | IBM EBCDIC - Latin 1/Open System |
1140 | IBM EBCDIC - U.S./Canada (037 + Euro symbol) |
1141 | IBM EBCDIC - Germany (20273 + Euro symbol) |
1142 | IBM EBCDIC - Denmark/Norway (20277 + Euro symbol) |
1143 | IBM EBCDIC - Finland/Sweden (20278 + Euro symbol) |
1144 | IBM EBCDIC - Italy (20280 + Euro symbol) |
1145 | IBM EBCDIC - Latin America/Spain (20284 + Euro symbol) |
1146 | IBM EBCDIC - United Kingdom (20285 + Euro symbol) |
1147 | IBM EBCDIC - France (20297 + Euro symbol) |
1148 | IBM EBCDIC - International (500 + Euro symbol) |
1149 | IBM EBCDIC - Icelandic (20871 + Euro symbol) |
1200 | Unicode UCS-2 Little-Endian (BMP of ISO 10646) |
1201 | Unicode UCS-2 Big-Endian |
1250 | ANSI - Central European |
1251 | ANSI - Cyrillic |
1252 | ANSI - Latin I |
1253 | ANSI - Greek |
1254 | ANSI - Turkish |
1255 | ANSI - Hebrew |
1256 | ANSI - Arabic |
1257 | ANSI - Baltic |
1258 | ANSI/OEM - Vietnamese |
1361 | Korean (Johab) |
10000 | MAC - Roman |
10001 | MAC - Japanese |
10002 | MAC - Traditional Chinese (Big5) |
10003 | MAC - Korean |
10004 | MAC - Arabic |
10005 | MAC - Hebrew |
10006 | MAC - Greek I |
10007 | MAC - Cyrillic |
10008 | MAC - Simplified Chinese (GB 2312) |
10010 | MAC - Romania |
10017 | MAC - Ukraine |
10021 | MAC - Thai |
10029 | MAC - Latin II |
10079 | MAC - Icelandic |
10081 | MAC - Turkish |
10082 | MAC - Croatia |
12000 | Unicode UCS-4 Little-Endian |
12001 | Unicode UCS-4 Big-Endian |
20000 | CNS - Taiwan |
20001 | TCA - Taiwan |
20002 | Eten - Taiwan |
20003 | IBM5550 - Taiwan |
20004 | TeleText - Taiwan |
20005 | Wang - Taiwan |
20105 | IA5 IRV International Alphabet No. 5 (7-bit) |
20106 | IA5 German (7-bit) |
20107 | IA5 Swedish (7-bit) |
20108 | IA5 Norwegian (7-bit) |
20127 | US-ASCII (7-bit) |
20261 | T.61 |
20269 | ISO 6937 Non-Spacing Accent |
20273 | IBM EBCDIC - Germany |
20277 | IBM EBCDIC - Denmark/Norway |
20278 | IBM EBCDIC - Finland/Sweden |
20280 | IBM EBCDIC - Italy |
20284 | IBM EBCDIC - Latin America/Spain |
20285 | IBM EBCDIC - United Kingdom |
20290 | IBM EBCDIC - Japanese Katakana Extended |
20297 | IBM EBCDIC - France |
20420 | IBM EBCDIC - Arabic |
20423 | IBM EBCDIC - Greek |
20424 | IBM EBCDIC - Hebrew |
20833 | IBM EBCDIC - Korean Extended |
20838 | IBM EBCDIC - Thai |
20866 | Russian - KOI8-R |
20871 | IBM EBCDIC - Icelandic |
20880 | IBM EBCDIC - Cyrillic (Russian) |
20905 | IBM EBCDIC - Turkish |
20924 | IBM EBCDIC - Latin-1/Open System (1047 + Euro symbol) |
20932 | JIS X 0208-1990 & 0121-1990 |
20936 | Simplified Chinese (GB2312) |
21025 | IBM EBCDIC - Cyrillic (Serbian, Bulgarian) |
21027 | Extended Alpha Lowercase |
21866 | Ukrainian (KOI8-U) |
28591 | ISO 8859-1 Latin I |
28592 | ISO 8859-2 Central Europe |
28593 | ISO 8859-3 Latin 3 |
28594 | ISO 8859-4 Baltic |
28595 | ISO 8859-5 Cyrillic |
28596 | ISO 8859-6 Arabic |
28597 | ISO 8859-7 Greek |
28598 | ISO 8859-8 Hebrew |
28599 | ISO 8859-9 Latin 5 |
28605 | ISO 8859-15 Latin 9 |
29001 | Europa 3 |
38598 | ISO 8859-8 Hebrew |
50220 | ISO 2022 Japanese with no halfwidth Katakana |
50221 | ISO 2022 Japanese with halfwidth Katakana |
50222 | ISO 2022 Japanese JIS X 0201-1989 |
50225 | ISO 2022 Korean |
50227 | ISO 2022 Simplified Chinese |
50229 | ISO 2022 Traditional Chinese |
50930 | Japanese (Katakana) Extended |
50931 | US/Canada and Japanese |
50933 | Korean Extended and Korean |
50935 | Simplified Chinese Extended and Simplified Chinese |
50936 | Simplified Chinese |
50937 | US/Canada and Traditional Chinese |
50939 | Japanese (Latin) Extended and Japanese |
51932 | EUC - Japanese |
51936 | EUC - Simplified Chinese |
51949 | EUC - Korean |
51950 | EUC - Traditional Chinese |
52936 | HZ-GB2312 Simplified Chinese |
54936 | Windows XP: GB18030 Simplified Chinese (4 Byte) |
57002 | ISCII Devanagari |
57003 | ISCII Bengali |
57004 | ISCII Tamil |
57005 | ISCII Telugu |
57006 | ISCII Assamese |
57007 | ISCII Oriya |
57008 | ISCII Kannada |
57009 | ISCII Malayalam |
57010 | ISCII Gujarati |
57011 | ISCII Punjabi |
65000 | Unicode UTF-7 |
65001 | Unicode UTF-8 |
Identifier | Name |
1 | ASCII |
2 | NEXTSTEP |
3 | JapaneseEUC |
4 | UTF8 |
5 | ISOLatin1 |
6 | Symbol |
7 | NonLossyASCII |
8 | ShiftJIS |
9 | ISOLatin2 |
10 | Unicode |
11 | WindowsCP1251 |
12 | WindowsCP1252 |
13 | WindowsCP1253 |
14 | WindowsCP1254 |
15 | WindowsCP1250 |
21 | ISO2022JP |
30 | MacOSRoman |
10 | UTF16String |
0x90000100 | UTF16BigEndian |
0x94000100 | UTF16LittleEndian |
0x8c000100 | UTF32String |
0x98000100 | UTF32BigEndian |
0x9c000100 | UTF32LittleEndian |
65536 | Proprietary |
- Product: The product the license is for.
- Product Key: The key the license was generated from.
- License Source: Where the license was found (e.g., RuntimeLicense, License File).
- License Type: The type of license installed (e.g., Royalty Free, Single Server).
- Last Valid Build: The last valid build number for which the license will work.
This setting only works on these classes: AS3Receiver, AS3Sender, Atom, Client(3DS), FTP, FTPServer, IMAP, OFTPClient, SSHClient, SCP, Server(3DS), Sexec, SFTP, SFTPServer, SSHServer, TCPClient, TCPServer.
Setting this configuration setting to true tells the class to use the internal implementation instead of using the system security libraries.
This setting is set to false by default on all platforms.
Trappable Errors (class ipworksencrypt.aesfile)
AESFile Errors
105 | An invalid parameter was specified. |
111 | Overwrite is false and the destination already exists. |
112 | No input was specified. |
115 | Invalid password. |
116 | No password was specified. |
202 | The input file is not valid AESF format. |
303 | Cannot open file. |
304 | Cannot write file. |
305 | Cannot read file. |
306 | Cannot create file. |