aespipe reads from standard input and writes to standard output. It can be used to create and restore encrypted tar or cpio archives. It can be used to encrypt and decrypt loop-AES compatible encrypted disk images.

The AES cipher is used in CBC (cipher block chaining) mode. Data is encrypted and decrypted in 512 byte chains. aespipe supports three key setup modes; single-key, multi-key-v2 and multi-key-v3 modes. Single-key mode uses simple sector IV and one AES key to encrypt and decrypt all data sectors. Multi-key-v2 mode uses cryptographically more secure MD5 IV and 64 different AES keys to encrypt and decrypt data sectors. In multi-key mode first key is used for first sector, second key for second sector, and so on. Multi-key-v3 is same as multi-key-v2 except is uses one extra 65th key as additional input to MD5 IV computation. See -K option for more information about how to enable multi-key-v3 mode.

Single-key mode preserves input size at 16 byte granularity. Multi-key mode preserves input size at 512 byte granularity. If input size is not multiple of 16 or 512 bytes, input data is padded with null bytes so that both input and output sizes are multiples of 16 or 512 bytes.

Password string has a minimum length of 20 characters (or 1 character when using rmd160 password hash). Optional password seed (salt) and key iteration count can be used to slow down dictionary attacks. Password seed is appended to user supplied password before password is hashed using one way hash. If password iteration count is specified, password hash output is encrypted N thousand times using AES-256. Unique seed prevents an adversary from precomputing hashes of passwords in his dictionary in advance, and thus making an optimized attack slower. Large password iteration count makes dictionary attack painfully slow.

[ http://pwet.fr/man/linux/commandes/aespipe ]

Aespipe in action:
I used the following command to encrypt aespipe -e AES256 < /home/pavs/test.tar >test.tgz
Couple of things to remember * “AES256″ is case sensitive * Password is minimum 20 characters long