aescrypt-rs

Fast, safe, streaming Rust implementation of the AES Crypt file format

Read: Full compatibility with all versions — v0, v1, v2, and v3
Write: Modern v3 only (PBKDF2-HMAC-SHA512, PKCS#7 padding, proper session-key encryption)
Convert: convert_to_v3() — bit-perfect migration from any legacy file to modern v3
AES-256-CBC with HMAC-SHA256 (payload) + HMAC-SHA512 (session) authentication
Constant-memory streaming (64-byte ring buffer)
Zero-cost secure memory & cryptographically secure RNG via secure-gate v0.5.7 (enabled by default)
No unsafe in the core decryption path when zeroize is enabled
Pure Rust, #![no_std]-compatible core
100% bit-perfect round-trip verified against all 63 official v0–v3 test vectors
Legacy to v3 conversion mathematically proven perfect across 20+ years of AES Crypt history

Support the Original Author

AES Crypt was created and maintained for over two decades by Paul E. Jones.

Paul’s work laid the foundation for secure, cross-platform file encryption that benefits everyone.

If you find AES Crypt (or this Rust port) useful, please consider supporting Paul directly:

Official apps & licenses: https://www.aescrypt.com/download/
Business/enterprise licensing: https://www.aescrypt.com/license.html

Your support keeps the original tools alive and funds future development.

Version Support Summary

Operation	v0	v1	v2	v3
Decrypt	Yes	Yes	Yes	Yes
Encrypt	–	–	–	Yes
Convert to v3	Yes	Yes	Yes	—

Why v3-only on write?
Version 3 is the only secure, future-proof variant (PBKDF2 with configurable iterations, UTF-8 passwords, PKCS#7 padding). Producing legacy formats today would be a security downgrade.

Cryptographic Primitives (v3)

Layer	Encryption	Integrity / KDF
Password to Master Key	–	PBKDF2-HMAC-SHA512
Session Key + IV (48 B)	AES-256-CBC	HMAC-SHA256
File Payload	AES-256-CBC	HMAC-SHA256

Proven Correctness — The Gold Standard

This library has mathematically proven bit-for-bit compatibility via:

Full round-trip testing against all 63 official AES Crypt test vectors (v0–v3)
convert_to_v3 test suite that decrypts legacy files → re-encrypts as v3 → decrypts again → verifies byte-for-byte identity
Uses real-world 300,000 PBKDF2 iterations in release mode (no shortcuts)
Total runtime: ~25 seconds — the sound of unbreakable data integrity

Files created in 2005 with the original AES Crypt tools will round-trip perfectly through aescrypt-rs in 2025 and beyond.

API Highlights

`convert_to_v3` — Migrate Legacy Files Forever

use aescrypt_rs::{convert_to_v3, Password};
use std::fs::File;
use std::io::{BufReader, BufWriter};

let password = Password::new("my-old-password".to_string());

let input = BufReader::new(File::open("secret.aes")?);
let mut output = BufWriter::new(File::create("secret-v3.aes")?);

convert_to_v3(input, &mut output, &password, 300_000)?;
println!("Legacy file successfully converted to modern v3 format!");

Standard Encrypt / Decrypt

use aescrypt_rs::{encrypt, decrypt, Password};
use std::io::Cursor;

let plaintext = b"The quick brown fox jumps over the lazy dog";
let password = Password::new("correct horse battery staple".to_string());

let mut encrypted = Vec::new();
encrypt(Cursor::new(plaintext), &mut encrypted, &password, 600_000)?;

let mut decrypted = Vec::new();
decrypt(Cursor::new(&encrypted), &mut decrypted, &password)?;

assert_eq!(plaintext.as_slice(), decrypted);
println!("Round-trip successful!");

Features

Feature	Description
`zeroize` (default)	Automatic secure zeroing of keys/IVs on drop (strongly recommended)
`batch-ops`	Parallel encryption/decryption using Rayon (opt-in)

Installation

[dependencies]

aescrypt-rs = "0.1.2"

Or with all optional features:

aescrypt-rs = { version = "0.1.2", features = ["batch-ops"] }

Performance (Intel i7-10510U @ 1.8 GHz – Windows 11 – Rust 1.82 – release)

Workload	Throughput	Notes
Decrypt 10 MiB	~171 MiB/s	Pure streaming (no KDF)
Encrypt 10 MiB (with KDF)	~160 MiB/s	Includes PBKDF2-SHA512 (~300k iterations)
Full round-trip 10 MiB	~76 MiB/s	Encrypt → decrypt back-to-back

~6–7 seconds for a full 1 GiB file on a 2019 laptop (excluding ~180 ms key derivation).
On modern desktop CPUs or Apple Silicon, expect >1 GiB/s.

Parallel performance (`batch-ops` enabled)

Files	Sequential	Parallel	Speedup
8 × 10 MB	1.04 s	367 ms	2.82×

`SecureRandomExt::random()`

Upgraded to secure-gate v0.5.7 with the new rand feature
→ All random session keys, IVs, and salts are now generated via SecureRandomExt::random()
→ Thread-local, lazy-initialized OsRng, zero-cost, fully no_std, panic-on-failure
→ Removed duplicated RNG code — smaller, cleaner, and even safer

No breaking changes. All tests and benchmarks remain green.

Legal & Independence

aescrypt-rs is an independent, community-maintained implementation of the publicly documented AES Crypt file format:
https://www.aescrypt.com/aes_file_format.html

It is not affiliated with Paul E. Jones, Packetizer, Inc., or Terrapane Corporation.

Correctness verified against the official reference implementation — no source code copied.

License

Licensed under either of

Apache License, Version 2.0 (LICENSE-APACHE)
MIT license (LICENSE-MIT)

at your option.

Contributing

Pull requests are very welcome!
main is the stable branch.

aescrypt-rs — the modern, safe, provably perfect way to read, write, and migrate AES Crypt files in Rust.

aescrypt-rs 0.1.2