Words By John Carl Villanueva
Last Updated:
Learn about AES encryption and its vital role in securing sensitive files you send over the Internet. JSCAPE MFT Server uses AES encryption on its services.
- Blog
- Secure File Transfer
- SFTP
- FTPS
First adopted by the U.S. government to protect classified information, Advanced Encryption Standard (AES) has long gained global acceptance and is used for securing sensitive data in various industries. In this post, we'll discuss AES encryption and explain its vital role in securing sensitive files sent over the Internet. AES is a cipher, a method for encrypting and decrypting information. Whenever you transmit files over secure file transfer protocols like HTTPS, FTPS, SFTP, WebDAVS, OFTP, or AS2, there's a good chance your data will be encrypted by some flavor of AES ciphers — either AES 256, 192, or 128. We'll discuss more about these AES encryptions shortly. Different secure managed file transfer software may be equipped with varying selections of encryption algorithms. Some ciphers may be included in certain selections but absent in others. Not AES. AES will almost always be present in all but a few. Why is this so? It all started when the US government began looking for a new encryption algorithm that could be used to protect sensitive data. For about two decades since 1977, the US government used a cipher called DES (Data Encryption Standard) to protect sensitive, unclassified information. Unfortunately, that cipher was later proven to be insecure, prompting the government to look for a replacement. This led to a standardization process that attracted 15 competing encryption designs, which included — among others — MARS from IBM, RC6 from RSA Security, Serpent, Twofish, and Rijndeal. It was Rijndael, designed by two Belgian cryptographers (Joan Daemen and Vincent Rijmen), that eventually became the standard and is known as Advanced Encryption Standard or AES. The selection process was very stringent, taking five years to complete. During that span, many experts from the cryptographic community carried out detailed tests and painstaking discussions to find vulnerabilities and weaknesses. The participation of different sectors, which showed the openness of the selection process, speaks volumes of how credible the process was. Although the cipher's strength against various attacks was a major consideration in choosing the standard, it included other factors like speed, versatility, and computational requirements. The government wanted an encryption standard that wasn't just strong, but also fast, reliable and easily implemented in both software and hardware — even those with limited CPU and memory. Although the other encryption algorithms were also very good, the Rijndael cipher was ultimately selected and declared a Federal Information Processing Standards or FIPS standard by the NIST (National Institute of Standards and Technology) in 2001. It was approved by the Secretary of Commerce and then recognized as a federal government standard the following year. Note: The official AES standard is specified in FIPS PUB 197. The rise of AES didn't end there. In 2003, the government deemed it suitable for protecting classified information. The NSA (National Security Agency) is still using AES to encrypt Top Secret information. This is why AES has gained the confidence of various industries. If it's good enough for the NSA, then it must be good enough for businesses. So how does AES work? AES belongs to a family of ciphers known as block ciphers. A block cipher is an algorithm that encrypts data on a per-block basis. The size of each block is usually measured in bits. AES, for example, is 128 bits long. Meaning, AES will operate on 128 bits of plaintext to produce 128 bits of ciphertext. Like almost all modern encryption algorithms, AES requires the use of secret keys during the encryption and decrypt processes. AES supports three keys with different key lengths: 128-bit key, 192-bit keys, and 256-bit keys. The key size is also important. The longer the key, the stronger the encryption. So, AES 128 encryption is the weakest, while AES 256 encryption is the strongest. In terms of performance though, shorter keys result in faster encryption times compared to longer keys. So 128 bit AES encryption is faster than AES 256 bit encryption. The keys used in AES encryption are the same keys used in AES decryption. When the same keys are used during both encryption and decryption, the algorithm is said to be symmetric. Read the article Symmetric vs Asymmetric Encryption if you want to know the difference between the two. As mentioned earlier, AES is implemented in secure file transfer protocols like FTPS, HTTPS, SFTP, AS2, WebDAVS, and OFTP. But what exactly is its role? Because symmetric and asymmetric encryption algorithms each have their own strengths, modern secure file transfer protocols normally use a combination of the two. Asymmetric key ciphers, like public key encryption algorithms, are great for key distribution and are used to encrypt the session key used for symmetric encryption. Symmetric key ciphers like AES are more suitable for encrypting the actual data (and commands) because they require less resources and are also much faster than asymmetric ciphers. The article Symmetric vs Asymmetric Encryption has a more thorough discussion regarding these two groups of ciphers. Here's a simplified diagram illustrating the encryption process during a typical secure file transfer secured by SSL/TLS (HTTPS, FTPS, WebDAVS) or SSH (SFTP). AES encryption operates in step 3. Would you like to try this yourself? JSCAPE MFT Server is platform-agnostic and can be installed on Microsoft Windows, Linux, Mac OS X and Solaris, and can handle any file transfer protocol as well as multiple protocols from a single server. Additionally, JSCAPE enables you to handle any file type, including batch files and XML. Download your free 7-day trial of JSCAPE MFT Server now. How To Set Up A HTTPS File Transfer: HTTPS File Sharing What Is AS2 Protocol? How To Use Applicability Statement 2 What Is HMAC And How Does It Secure File Transfers? What Is HTTP Strict Transport Security (HSTS)?Overview: What Is AES?
What Is AES Encryption?
How Rijndael Became A Standard
Let's Get A Little Bit More Technical
How Is The AES Encryption Algorithm Used In Secure File Transfers?
Get Your Free Trial
Related Content
Popular Articles
View more by JSCAPE
Setting Up SFTP Public Key Authentication On The Command Line
6min read —
SFTP Public Key Authentication enhances security by allowing users to access SFTP services without passwords, favoring automated transfers. The setup process involves creating a .ssh directory, generating a key pair with ssh-keygen, securing permissions, and copying the public key to the server, ensuring a secure connection without the need for passwords
Read ArticleActive vs. Passive FTP Simplified
7min read —
The difference between active FTP and passive FTP modes lies in how connections are made. In active mode, the client initiates the connection with a PORT command, making the server connect back for data. In passive mode, the client uses a PASV command, gets a server port, and starts the data transfer connection.
Read ArticleActive-Active vs. Active-Passive High-Availability Clustering
3min read —
An active-active high availability cluster distributes workloads evenly across all nodes, ensuring load balancing. An active-passive setup involves not all nodes being active, with the other node(s) on standby to take over if the active node fails, ensuring service continuity without load distribution.
Read Article
Posts By Category
Explore All Topics
- JSCAPE MFT
- Managed File Transfer
- Tutorials
- Secure File Transfer
- Business Process Automation
- Videos
- News
- SFTP
- Triggers
- FTP
- AS2
- FTPS
- File Transfer Clients
- Ad-Hoc File Transfers
- Reverse Proxy
- Accelerated File Transfer
- Case Studies
- sftp server
- file transfer
- ssh
- Client Certificate Authentication
- RSA 4096
- authentication
- encryption
- load balancing
- ASCII
- AWS
- Amazon S3
- Clustering
- Configuration
- DSA
- DSA vs RSA
- EDI
- FTP Server
- FTP command line
- FTP/S
- HMAC
- High Availability
- Load
- Load Balancer
- MDN
- OpenPGP keys
- RSA vs DSA
- S3
- SCP
- SMTP ports
- Transfer mode
- Windows SFTP Client
- binary mode
- binary transfer
- client certificate
- decrypt
- diffie-hellman-group1-sha1
- digital certificates
- file transfer protocol
- forward proxy
- ftp active mode
- ftp active vs passive
- ftp client
- ftp commands
- ftp passive mode
- ftp put command
- gnu privacy guard
- gpg
- key exchange
- key fingerprint
- mft gateway
- mft solutions
- passive ftp
- pgp
- port 25
- port 587
- proxy server
- reverse proxy server
- security
- sftp port
- sftp port number
- transfer protocols
- webdav
- webdav server
- windows ftp
Related Content
Read more about Secure File Transfer
When SFTP isn’t enough— Signs you need an MFT Solution
19min read —
If SFTP limitations hinder your operations, consider an MFT solution for automation, protocol versatility, and advanced security. Explore our detailed blog post to learn when it's time to transition from SFTP to MFT and elevate your data transfers.
Read ArticleAS2 vs SFTP—What’s the difference?
22min read —
AS2, used for direct B2B exchanges like EDI over HTTP/S, emphasizes encryption, authentication, and non-repudiation with MDN receipts. SFTP, functioning over SSH, provides a secure method for broader file transfer needs, focusing on encryption, two-factor authentication, and integrity without inherent non-repudiation. Choose AS2 for specific B2B EDI requirements and SFTP for versatile, secure file sharing.
Read ArticleSFTP vs MFT: Choosing the Right File Transfer Protocol
18min read —
SFTP focuses on secure file transfers over a network with data encryption and authentication features. MFT, or Managed File Transfer, includes SFTP's security measures and offers comprehensive data security, automation, reporting, and compliance capabilities. MFT provides a more advanced solution for businesses by supporting multiple protocols while enhancing file transfer workflows with added security and efficiency.
Read Article
