This module is unsupported due to a security issue the maintainer didn’t fix. See AES - Critical - Unsupported - SA-CONTRIB-2017-027 for details.

If you want to use this module, your options are:

In short, here's what this module does:

For site owners:
This module can provide you with readable passwords. Some users will be able to see other users passwords in plain text if they have a role with the permission to do so.

For developers:
This module can provide you with a very simple and easy to use encryption API. Just check out the aes_encrypt and aes_decrypt functions. It really can't get any simpler.

In a nutshell:

$encrypted_data = aes_encrypt("mydata");
$decrypted_to_plain_text = aes_decrypt($encrypted_data);

Note: This module requires an AES implementation, which can be either the PHP Mcrypt extension or the PHP Secure Communications Library.

The Mcrypt extension needs to be installed on the web server, so if you're on a shared host you probably can't use this if it's not already installed (you'll find out if you have it or not when installing this module).

If you don't have Mcrypt, then grab a copy of PHP Secure Communications Library (phpseclib) from here:

Just extract that zip into a directory called "phpseclib" inside the AES module directory and you should be good to go.

The two implementations are pretty much equivalent, although Mcrypt is faster and offers the option of defining the encryption cipher, so you probably want to use that if you have it.

This module and it's main functions (aes_encrypt, aes_decrypt) are designed to behave in a consistent way no matter which implementation you are using. There are a few small exceptions though. Check out API.txt if you would like to know what they are.

This module also allows you to switch between implementations (or change any of the other encryption options) without losing your already encrypted user passwords. However, take care not to switch implementations or change the cipher or key while you have another module installed which has this module as a dependency, since this module isn't aware of what data (if any) that other modules has encrypted, and therefore it can't update it with the new settings.

Similar Modules

See a comparison of encryption modules.

Drupal 6 and Drupal 7 versions

For both 6 and 7 version of Drupal core the AES module is quite stable and is maintained mostly only for fixes.

Drupal 8 version

Drupal 8 version is basically just a simple port. With all new stuff available with Drupal 8 there is an idea of not supporting this module in favor of unified solution by modules Key & Encrypt. If this idea succeeds, Key+Encrypt pair would be able to support any encryption in generalized way.

In case you plan to use AES for a while, be aware that it requires 'active' configuration to not store keys in DB. More info about the 'active' configuration can be found here.

Maintainer News
This module was originally developed for 6.x by easyfit, and was maintained briefly by EvanDonovan, primarily for 7.x, since it was a requirement for the Salesforce Suite prior to the new 7.x-3.x branch.

During January 2014 - July 2016 module was maintained by dpovshed

Project Information