Inherits: RefCounted < Object

Interface to low level AES encryption features.


This class provides access to AES encryption/decryption of raw data. Both AES-ECB and AES-CBC mode are supported.

extends Node

var aes =

func _ready():
    var key = "My secret key!!!" # Key must be either 16 or 32 bytes.
    var data = "My secret text!!" # Data size must be multiple of 16 bytes, apply padding if needed.
    # Encrypt ECB
    aes.start(AESContext.MODE_ECB_ENCRYPT, key.to_utf8())
    var encrypted = aes.update(data.to_utf8())
    # Decrypt ECB
    aes.start(AESContext.MODE_ECB_DECRYPT, key.to_utf8())
    var decrypted = aes.update(encrypted)
    # Check ECB
    assert(decrypted == data.to_utf8())

    var iv = "My secret iv!!!!" # IV must be of exactly 16 bytes.
    # Encrypt CBC
    aes.start(AESContext.MODE_CBC_ENCRYPT, key.to_utf8(), iv.to_utf8())
    encrypted = aes.update(data.to_utf8())
    # Decrypt CBC
    aes.start(AESContext.MODE_CBC_DECRYPT, key.to_utf8(), iv.to_utf8())
    decrypted = aes.update(encrypted)
    # Check CBC
    assert(decrypted == data.to_utf8())



finish ( )


get_iv_state ( )


start ( Mode mode, PackedByteArray key, PackedByteArray iv=PackedByteArray() )


update ( PackedByteArray src )


enum Mode:

  • MODE_ECB_ENCRYPT = 0 --- AES electronic codebook encryption mode.

  • MODE_ECB_DECRYPT = 1 --- AES electronic codebook decryption mode.

  • MODE_CBC_ENCRYPT = 2 --- AES cipher blocker chaining encryption mode.

  • MODE_CBC_DECRYPT = 3 --- AES cipher blocker chaining decryption mode.

  • MODE_MAX = 4 --- Maximum value for the mode enum.

Method Descriptions

  • void finish ( )

Close this AES context so it can be started again. See start.

Get the current IV state for this context (IV gets updated when calling update). You normally don't need this function.

Note: This function only makes sense when the context is started with MODE_CBC_ENCRYPT or MODE_CBC_DECRYPT.

Start the AES context in the given mode. A key of either 16 or 32 bytes must always be provided, while an iv (initialization vector) of exactly 16 bytes, is only needed when mode is either MODE_CBC_ENCRYPT or MODE_CBC_DECRYPT.

Run the desired operation for this AES context. Will return a PackedByteArray containing the result of encrypting (or decrypting) the given src. See start for mode of operation.

Note: The size of src must be a multiple of 16. Apply some padding if needed.