

aesconv is a tool for encrypting and decrypting using the AES encryption algorithm.
% aesconv -m ctr -k key -c counter [-r] [-p inputFile] [-o outputFile]
% aesconv -m cbc_encrypt -k key -i iv [-r] [-p inputFile] [-o outputFile]
% aesconv -m cbc_decrypt -k key -i iv [-r] [-p inputFile] [-o outputFile]
% aesconv -m ccm_encrypt -k key -n nonce [-r] [-p inputFile] [-o outputFile] [-a Adata] -t taglen
% aesconv -m ccm_decrypt -k key -n nonce [-r] [-p inputFile] [-o outputFile] [-a Adata] -t tag
Use the -m option to specify the cipher mode and whether to encrypt or decrypt. The five values shown below can be specified.
| Specified Value | Description |
|---|---|
| ctr | CTR Mode |
| cbc_encrypt | Encryption in CBC Mode |
| cbc_decrypt | Decryption in CBC Mode |
| ccm_encrypt | Encryption in CCM Mode |
| ccm_decrypt | Decryption in CCM Mode |
key specifies the key to use for encryption or decryption. Keys can be specified in two ways. The first is to specify the key with hex: followed by a 32-digit hexadecimal value. For example, if the key is 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF in hexadecimal, specify the following option.
-k hex:00112233445566778899AABBCCDDEEFF
The other way is to specify the path to a binary key file.
-k key.bin
Specifying this option will use the first 16 bytes in the file key.bin as the key.
counter specifies the initial counter value in CTR mode. This is specified in the same ways as key.
iv specifies the initial vector in CBC mode. This is specified in the same ways as key.
nonce specifies the nonce in CCM mode. This is specified in the same ways as key. However, the aesconv tool only supports 96-bit nonces. If specifying this value in hex format, be sure to specify 24 hexadecimal digits; if specifying this value using a file, the first 12 bytes will be used.
Use the -r option to perform encryption or decryption in a format that is compatible with the TWL's AES module.
In inputFile, specify the file where the input data to encrypt or decrypt is stored. If the -p option is not specified, the tool will accept input from standard input.
In outputFile, specify the output file for the encryption or decryption process. If the -o option is not specified, the tool will output to standard output.
Adata specifies the Adata in CCM mode. Adata can be specified in two ways. The first is to enter Adata from standard input. Specify stdin: followed by the size of Adata in decimal format. If providing the input data from standard input as well without using the -p option, specify Adata first, and then the input data. For example, if the size of Adata is 12345 bytes, enter the following.
-a stdin:12345
The other way is to specify the path to a binary Adata file.
-a adata.bin
Specifying this option will use the entire contents of the adata.bin file as the Adata.
If the -a option is not specified, the tool will consider the size of Adata to be 0.
In taglen, specify the length of the MAC for encryption in CCM mode. The values that can be specified are 4, 6, 8, 10, 12, 14, and 16.
tag specifies the MAC for decryption in CCM mode. The MAC can be specified in two ways. The first is to specify hex: followed by the MAC in hexadecimal format. This will be 8, 12, 16, 20, 24, 28, or 32 digits, depending on the MAC length. For example, specify the following if the MAC is 12 bytes in length, and is represented in hex as 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB.
-t hex:00112233445566778899AABB
The other way is to specify the MAC length and then enter the MAC from standard input.
-t 12
Specifying this option will read 12 bytes from standard input and use this data as the MAC. The MAC lengths that can be specified are the same as those for encryption (4, 6, 8, 10, 12, 14, or 16). If providing the input data from standard input as well without using the -p option, specify the input data first, and then the MAC.
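A pre-flight check for scripted aesconv runs, added here as an example and not part of the SDK: it validates hex: keys, 96-bit nonces and CCM MAC values against the lengths given above, and lists the order in which a ccm_decrypt run expects Adata, input data and MAC on standard input. The function names are hypothetical and chosen for illustration.

```python
# Added example (not SDK code). Lengths come from the option descriptions above.
import re

MAC_LENGTHS = (4, 6, 8, 10, 12, 14, 16)   # valid CCM MAC sizes in bytes
HEX_BYTES = {"key": 16, "nonce": 12}      # sizes stated for -k and -n


def parse_hex(kind, spec):
    """Decode a 'hex:' value for -k or -n; None means 'treat as a file path'."""
    if not spec.startswith("hex:"):
        return None
    digits, want = spec[4:], 2 * HEX_BYTES[kind]
    if len(digits) != want or not re.fullmatch(r"[0-9A-Fa-f]+", digits):
        raise ValueError(f"{kind}: expected {want} hex digits")
    return bytes.fromhex(digits)


def parse_tag(spec):
    """Parse -t for ccm_decrypt and return (mac_length, mac_bytes or None).

    mac_bytes is None when only a length was given, meaning the MAC itself
    is read from standard input.
    """
    if spec.startswith("hex:"):
        digits = spec[4:]
        if not re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", digits):
            raise ValueError("tag: not a whole number of hex bytes")
        mac = bytes.fromhex(digits)
        length = len(mac)
    else:
        mac, length = None, int(spec)      # int() raises ValueError on junk
    if length not in MAC_LENGTHS:
        raise ValueError(f"tag: MAC length {length} not in {MAC_LENGTHS}")
    return length, mac


def stdin_layout(adata_spec=None, input_file=None, tag_spec=None):
    """Ordered (name, size) pieces a ccm_decrypt run expects on stdin."""
    parts = []
    if adata_spec and adata_spec.startswith("stdin:"):
        parts.append(("adata", int(adata_spec[6:])))   # Adata comes first
    if input_file is None:
        parts.append(("input", None))                  # size is not declared
    if tag_spec is not None:
        length, mac = parse_tag(tag_spec)
        if mac is None:
            parts.append(("mac", length))              # MAC comes last
    return parts
```

An empty list from stdin_layout means every piece comes from a file or the command line, so nothing has to be piped in.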
$TwlSDK/tools/bin/aesconv.exe
2008/08/22 Initial version.