AES (Advanced Encryption Standard)
AES in the Encryptor modules (https://apps.make.com/crypto#encryptor) is a symmetric algorithm, using the same key for both encryption and decryption.

You can choose between simple and advanced modules in the Encryptor app. Advanced modules are recommended, giving you more control and allowing your key to be hidden.

The AES algorithm has four components:

Component: Description

Key: Select a key of either 128 or 256 bits. A longer key provides more security.

Initialization vector: A random value used at the beginning of encryption to make sure the same data looks different each time it's encrypted, so no one can guess the plaintext value from the results. The initialization vector is sometimes called a nonce. You can choose UTF-8, Base64, or hexadecimal for encoding.

Authentication tag: A code generated after encrypting the message. It is also called an integrity check value (ICV) or message authentication code (MAC). This value is calculated using the ciphertext and the initialization vector. It is a unique value generated from the encrypted message. The tag is sent with the message, and the recipient repeats the process to generate the authentication tag using the received message. If the two tags are the same, the shared message is the same.

Modes: Methods for encrypting data.
- CBC (Cipher Block Chaining) mode encrypts each block of data by combining it with the previous block's ciphertext and requires an initialization vector to start the chain.
- GCM (Galois/Counter) mode combines encryption with the authentication tag to ensure the integrity of the data.

Example: Encrypt and decrypt a message with the Encryptor app AES (simple) modules

In this example we will:
1. Select content to encrypt and send to a recipient
2. Select a secret key to share with the recipient ahead of time, to decrypt the content
3. Encrypt the message
4. Decrypt the message

Step 1: Select content to encrypt

In this example, we set a variable initialtext with our content to send with encryption. In your scenario, you may have the content set another way or pulled from a different source.

Step 2: Select a secret key

A secret key can be any content agreed upon by the sender and recipient: a word, a phrase, or a series of characters.

In AES simple encryption and decryption, the secret key is not hidden. If you share the scenario with any other users or download the blueprint to share, your secret key is exposed.

Step 3: Encrypt the message

1. Add the Encryptor > AES encrypt (simple) module to your scenario.
2. Select the input encoding. In this example, we use UTF-8.
3. In the Data field, map or input the value of the content you want to encrypt.
4. Select the output encoding. In this example, we use hexadecimal.
5. In the Secret key field, enter the secret key you have shared with the recipient.
   The secret key is not hidden. If you share the scenario with any other users or download the blueprint to share, your secret key is exposed.
6. Click Save.

The message is encrypted. The output of this module is the encrypted message in hexadecimal format.

Step 4: Decrypt the message

1. Add the Encryptor > AES decrypt (simple) module to your scenario.
2. Select the input encoding. In this example, we use hexadecimal to match the output encoding used to encrypt the message.
3. In the Data field, map or input the value of the content you want to decrypt.
4. Select the output encoding. In this example, we use UTF-8.
5. In the Secret key field, enter the secret key you have shared with the sender.
   The secret key is not hidden. If you share the scenario with any other users or download the blueprint to share, your secret key is exposed.
6. Click Save.

The message is decrypted. The output of this module is the decrypted message and should match the original content set in the initialtext variable.

If the wrong secret key is used, the message has been modified, or the encoding does not match, the module outputs an error.

Example: Encrypt and decrypt a message with the Encryptor app AES (advanced) modules

In this example we will:
1. Select content to encrypt and send to a recipient
2. Generate an AES key
3. Set an initialization vector
4. Encrypt the message (GCM cipher algorithm)
5. Decrypt the message (GCM cipher algorithm)

Step 1: Select content to encrypt

In this example, we set a variable initialtext with our content to send with encryption. In your scenario, you may have the content set another way or pulled from a different source.

Step 2: Generate an AES key

To encrypt and decrypt messages with AES, the key must be shared between the sender and recipient ahead of time.

To generate an AES key:

1. Go to an encryption key generator website of your choice. In this example, we use https://randomkeygen.com/encryption-key
2. Select or set the following values:
   - Key size: 128 or 256 bits. In this example, we use 256 bits.
   - Format: hexadecimal or Base64. In this example, we use hexadecimal.
3. Click Generate to get your AES key. If you are using a different tool to generate your key, your steps may be different.
4. Copy the AES key. Save it in a safe place.

You will use this AES key to create a keychain and encrypt your content.

Step 3: Set an initialization vector

Although AES key generator websites also provide initialization vectors, it is best to use a different initialization vector every time, for more secure encryption. For this reason, we use the Set variable module to generate a new initialization vector before the content is encrypted.

1. Add the Tools > Set variable module to your scenario.
2. In the Variable name field, enter a name for your initialization vector.
3. In the Variable value field, enter the following to generate a substring of a unique ID (128 bit) with only the first 16 characters:

   substring(uuid; 0; 16)

   The uuid variable can be found under the Text and binary functions tab.

The initialization vector variable is mapped in the encryption module in the next step.

You need to use a 128 bit initialization vector for the GCM cipher algorithm. For the CBC cipher algorithm, you can use a 96 bit initialization vector instead. GCM is the preferred method, shown here.

Step 4: Encrypt the message (GCM cipher algorithm)

1. Add the Encryptor > AES encrypt (advanced) module to your scenario.
2. Click Create a keychain.
3. Enter a name for your AES key.
4. In the Key field, enter your AES key.
5. In the Key encoding field, select hexadecimal.
6. Click Create.
7. In the Bits field, select 256.
8. In the Input encoding field, select UTF-8.
9. In the Data field, map the value of the content you want to encrypt.
10. In the Output encoding field, select hexadecimal.
11. In the Cipher algorithm field, select GCM.
12. In the Initialization vector encoding field, select UTF-8.
13. In the Initialization vector field, map the value of the initialization vector created in the previous Set variable module.
14. Click Save.

The message is encrypted. The output of this module has the data, initialization vector, and authentication tag in hexadecimal format. You will use these values to decrypt the message.

If you run the scenario again, the output data will be different because the initialization vector is a variable that changes with each run.

The initialization vector and the authentication tag can be sent in cleartext to the recipient; they don't need to be secured.

Step 5: Decrypt the message (GCM cipher algorithm)

1. Add the Encryptor > AES decrypt (advanced) module to your scenario.
2. Use the same keychain created in Step 4 above or create a new keychain with the same values. In AES encryption, the sender and recipient use the same key to encrypt and decrypt the message.
3. In the Bits field, select 256.
4. In the Input encoding field, select hexadecimal to match the encryption output encoding.
5. In the Data field, map the value of the encryption output data.
6. In the Output encoding field, select UTF-8.
7. In the Cipher algorithm field, select GCM to match the same algorithm used for encryption.
8. In the Initialization vector encoding field, select hexadecimal to match the encryption output encoding of this value.
9. In the Initialization vector field, map the value of the initialization vector from the encryption output.
10. In the Authentication tag encoding field, select hexadecimal to match the encryption output encoding of this value.
11. In the Authentication tag field, map the value of the authentication tag from the encryption output.
12. Click Save.

The message is decrypted. The output of this module is the decrypted message and should match the original content set in the initialtext variable.

If the wrong key is used, the message has been modified, or there is a discrepancy with the initialization vector or authentication tag, the module outputs an error.
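
The advanced GCM flow from Steps 4 and 5, as an added example in Node.js (not Make's own code): it encrypts UTF-8 text with a 256-bit hexadecimal key and a fresh 128-bit initialization vector, returns the data, initialization vector and authentication tag in hexadecimal, and shows decryption being rejected for a wrong key or modified data. The function names and the sample key are constructed for illustration.

```javascript
// Added example: AES-256-GCM round trip with Node's built-in crypto module.
const { createCipheriv, createDecipheriv, randomBytes } = require('node:crypto');

// Encrypt UTF-8 text; return the three hex values the recipient needs.
function encryptGcm(keyHex, plaintext) {
  const key = Buffer.from(keyHex, 'hex');          // 64 hex chars = 256 bits
  if (key.length !== 32) throw new Error('key must be 256 bits');
  const iv = randomBytes(16);                      // fresh 128-bit IV per message
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  const data = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    data: data.toString('hex'),
    iv: iv.toString('hex'),
    authTag: cipher.getAuthTag().toString('hex'),  // 16-byte tag by default
  };
}

// Decrypt; throws if the key, data, IV or tag does not match.
function decryptGcm(keyHex, { data, iv, authTag }) {
  const decipher = createDecipheriv(
    'aes-256-gcm', Buffer.from(keyHex, 'hex'), Buffer.from(iv, 'hex'));
  decipher.setAuthTag(Buffer.from(authTag, 'hex'));
  // final() recomputes the tag and throws when it differs from authTag.
  const clear = Buffer.concat([decipher.update(data, 'hex'), decipher.final()]);
  return clear.toString('utf8');
}

// Returns true when decryption is rejected.
function isRejected(keyHex, message) {
  try { decryptGcm(keyHex, message); return false; } catch { return true; }
}

// Flip the lowest bit of the first byte of a hex string (simulates modification).
function flipFirstBit(hex) {
  const buf = Buffer.from(hex, 'hex');
  buf[0] ^= 0x01;
  return buf.toString('hex');
}

// Constructed sample key and content, for demonstration only.
const KEY = '00112233445566778899aabbccddeeff'.repeat(2);
const WRONG_KEY = 'ff'.repeat(32);
const sent = encryptGcm(KEY, 'Hello from Make');
console.log(sent);                                   // data, iv, authTag in hex
console.log(decryptGcm(KEY, sent));                  // original text
console.log(isRejected(WRONG_KEY, sent));            // wrong key
console.log(isRejected(KEY, { ...sent, data: flipFirstBit(sent.data) }));
```

Here the initialization vector takes all 128 bits from the system's random generator. If the uuid value is a version 4 UUID, the 16 characters kept by substring(uuid; 0; 16) include two hyphens and the fixed version digit, leaving 13 random hexadecimal digits (52 bits).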