/bAESh

Hot, low speed encryption in Bash

Primary LanguageShellGNU General Public License v3.0GPL-3.0

bAESh

Hot, low speed AES encryption in Bash

What's this?

This is an implementation of AES encryption (128, 192 and 256 bits) in ecb, cbc, cfb(-128), ofb and ctr modes with PKCS#7 padding, using only pure bash without any external programs. No dependencies, other than a recent version of bash.

WARNING: THIS IS EXTREMELY SLOW AND INEFFICIENT. DO NOT USE IT FOR ANY SERIOUS PURPOSE, AND DO NOT USE IT ON LARGE AMOUNTS OF DATA (EVEN A FEW TENS OF KB ARE ALREADY A LOT FOR THIS BEAST). YOU HAVE BEEN WARNED.

Why is it "hot"?

I'm glad you asked. Run it on a large file on your laptop and you'll see (and probably feel as well, if you're close enough). See the following graph, which represents the temperature of my laptop's CPU while encrypting a moderately large file (for bAESh's standards, anyway):

bAESh CPU/Fan usage

So it's not just hot, it's very hot. I'd go as far as saying that it's the hottest encryption program available.

Why is it "low speed"?

See the following comparison with openssl to encrypt a file:


$ ls -al /bin/rmdir
-rwxr-xr-x 1 root root 42984 Dec 29 13:08 /bin/rmdir
$ time openssl enc -aes-128-cbc -K '000102030405060708090a0b0c0d0e0f' -iv '11111111111111111111111111111111' < /bin/rmdir > /dev/null

real	0m0.014s
user	0m0.009s
sys	0m0.003s
$ time ./bAESh -b 128 -m cbc -K '000102030405060708090a0b0c0d0e0f' -I '11111111111111111111111111111111' < /bin/rmdir > /dev/null

real	0m34.845s
user	0m33.064s
sys	0m1.552s

Not bad eh? So it's not just low speed, it's extremely low speed. I'd go as far as saying that it's the slowest encryption program available.

How do I install it?

You really don't want to install it, but even if you wanted, no special installation would be necessary. Just run bAESh with the necessary arguments (see bAESh -h for help).

How do I know that it produces correct results?

Just trust me!

No, seriously, bAESh comes with a test suite (big word) that runs a variety of tests with different key sizes, keys, IVs and inputs. There are essentially four kinds of tests:

  • Key expansion tests
  • Encryption/decryption tests against published NIST vectors for all modes (see here, Appendix F)
  • bAESh/openssl crossed encryption/decryption (encrypt with bAESh, decrypt with openssl and viceversa) in all modes
  • bAESh/openssl output comparison (verify that the result of encryption/decryption is the same for both tools) in all modes

The tests use the assert.sh framework, which you should have installed somewhere. To run the tests, run the included baesh_tests.sh as follows (WARNING: may take half an hour or more to runn the full thing):


$ BAESH=/path/to/bAESh ASSERT_SH_PATH=/path/to/assert.sh ./baesh_tests.sh
....
all 4 Key expansion, 128 bits tests passed in 0.063s.
...
all 3 Key expansion, 192 bits tests passed in 0.040s.
...
all 3 Key expansion, 256 bits tests passed in 0.044s.
..
all 2 ecb 128 bits, known text 0, key 0, raw output tests passed in 0.051s.
...snip...

A third variable, BAESH_FULL_TEST can be set to 1 to run the fourth kind of tests above (the most resource-intensive).

So, what's it good for?

Basically, nothing.

Well, unless you want to use your PC as a heater and do no real crypto work. In that case, throw some MBs at it to process and you should have a few hours of heating. Useful in winter. If it's especially cold, run many instances in parallel, so all CPUs can get a chance to overheat.

Otherwise, use real crypto tools.