Rijndael is free for any use public or private, commercial or non-commercial. The authors of Rijndael used to provide a homepage for the algorithm. Care should be taken when implementing AES in software. Like most encryption algorithms, Rijndael was designed on big-endian systems. For this reason, little-endian systems, which include the common PC, return correct test vector results only through swapping bytes of the input and output words.
The algorithm operates on plaintext blocks of 16 bytes. Encryption of shorter blocks is possible only by padding the source bytes, usually with null bytes. This can be accomplished via several methods, the simplest of which assumes that the final byte of the cipher identifies the number of null bytes of padding added.
Careful choice must be made in selecting the mode of operation of the cipher. The simplest mode encrypts and decrypts each 128-bit block separately. In this mode, called "electronic code book (ECB)", blocks that are identical will be encrypted identically; this is entirely insecure. It makes some of the plaintext structure visible in the ciphertext. Selecting other modes, such as using a sequential counter over the block prior to encryption (i.e., CTR mode) and removing it after decryption avoids this problem.
Current list of FIPS 197 validated cryptographic modules (hosted by NIST)Current list of FIPS 140 validated cryptographic modules with validated AES implementations (hosted by NIST) - Most of these involve a commercial implementation of AES algorithms. Look for "FIPS-approved algorithms" entry in the "Level / Description" column followed by "AES" and then a specific certificate number.LibgcryptwolfSSL (previously CyaSSL)GnuTLSNetwork Security ServicesOpenSSLLibreSSLmbed TLS (previously PolarSSL)Reference original implementationaxTLSMicrosoft CryptoAPI uses Cryptographic Service Providers to offer encryption implementations. The Microsoft AES Cryptographic Provider was introduced in Windows XP and can be used with any version of the Microsoft CryptoAPI.tiny-AES128-C Small portable AES128 in C (suitable for embedded systems)AES-256 a byte-oriented portable AES-256 implementation in CSolaris Cryptographic Framework offers multiple implementations, with kernel providers for hardware acceleration on x86 (using the Intel AES instruction set) and on SPARC (using the SPARC AES instruction set). It is available in Solaris and derivatives, as of Solaris 10.OpenAES portable C cryptographic libraryLibTomCrypt is a modular and portable cryptographic toolkit that provides developers with well known published block ciphers, one-way hash functions, chaining modes, pseudo-random number generators, public key cryptography and other routines.Botan has implemented Rijndael since its very first release in 2001Crypto++ A comprehensive C++ semi-public-domain implementation of encryption and hash algorithms. FIPS validatedAs of version 3.5 of the .NET Framework, the System.Security.Cryptography namespace contains both a fully managed implementation of AES and a managed wrapper around the CAPI AES implementation.Bouncy Castle Crypto LibraryJava Cryptography Extension, integrated in the Java Runtime Environment since version 1.4.2IAIK JCEBouncy Castle Crypto LibraryPyCrypto - The Python Cryptography Toolkit PyCryptokeyczar - Cryptography Toolkit keyczarM2Crypto - M2Crypto is the most complete OpenSSL wrapper for Python.Cryptography - Python library which exposes cryptographic recipes and primitives.SJCL library - contains JavaScript implementations of AES in CCM, CBC, OCB and GCM modesAES-JS - portable JavaScript implementation of AES ECB and CTR modesForge - JavaScript implementations of AES in CBC, CTR, OFB, CFB, and GCM modesasmCrypto - JavaScript implementation of popular cryptographic utilities with focus on performance. Supports CBC, CFB, CCM modes.pidCrypt - open source JavaScript library. Only supports the CBC and CTR modes.7zAmanda BackupPeaZipPKZIPRARWinZipUltraISOGpg4winMost Encrypting File Systems use AES, e.g. NTFSBitLocker (part of certain editions of Windows operating systems)CipherShedDiskCryptorFileVault (part of the Mac OS X operating system, and also the included Disk Utility makes AES-encrypted drive images)GBDEGeli (software)LibreCryptLUKSPrivate DiskTrueCrypt (discontinued)VeraCryptIEEE 802.11i, an amendment to the original IEEE 802.11 standard specifying security mechanisms for wireless networks, uses AES-128 in CCM mode (CCMP).The ITU-T G.hn standard, which provides a way to create a high-speed (up to 1 Gigabit/s) Local area network using existing home wiring (power lines, phone lines and coaxial cables), uses AES-128 for encryption.DataLocker Uses AES 256-bit CBC and XTS mode hardware encryptionGet Backup Pro uses AES-128 and AES-256GPG, GPL-licensed, includes AES, AES-192, and AES-256 as options.IPsecIronKey Uses AES 128-bit and 256-bit CBC-mode hardware encryptionKeePass Password SafeLastPassLinux kernel's Crypto API, now exposed to userspacePidgin (software), has a plugin that allows for AES EncryptionPyEyeCrypt Free open-source text encryption tool/GUI with user-selectable AES encryption methods and PBKDF2 iterations.SocialDocs file encryption uses AES256 to provide a free-online file encryption toolTextSecureXFire uses AES-128, AES-192 and AES 256 to encrypt usernames and passwordsCertain games and engines, such as the Rockstar Advanced Game Engine used in Grand Theft Auto IV, use AES to encrypt game assets in order to deter hacking in multiplayer.Intel and AMD processors include the AES instruction set.On IBM zSeries mainframes, AES is implemented as the KM series of assembler opcodes when various Message Security Assist facilities are installed.SPARC S3 core processors include the AES instruction set, which is used with SPARC T4 and SPARC T5 systems.
