Technical Documentation on AES Encryption Module format

I find the Duplicati documentation very thourough and good to use. This is why I was quite suprised there is no article/documentation about the actual format the AES crypto module uses, and possible an alternate command line/tool to decrypt it.

I wanted to open one of the ZIP files, and possibly not use Duplicati CLI for this to verify it uses a repeatable and overall sound format. Did I just miss this doc or is it really missing? I would expect information about the secret stretching method used, the AES blockmodes, the way the parameters are generated as well as the resulting file layout.

If I really missed it let me know, I would be willing to dig into the source and extract a draft.

It doesn’t seem to be in the regular user manual, but below are the help text and developer docs.

C:\ProgramData\Duplicati\duplicati->Duplicati.CommandLine.exe help aes
AES-256 encryption, built in (.aes):
 This module encrypts all files in the same way that AESCrypt does, using 256
 bit AES encryption.
 Supported options:
  --aes-set-threadlevel (Enumeration): Set thread level utilized for crypting
    Use this option to set the thread level allowed for AES crypt operations.
    Valid values are 0 (uses default), or from 1 (no multithreading) to 4
    (max. multithreading)
    * values: 0, 1, 2, 3, 4
    * default value: 4



The AESCrypt module is based on the publicly available AESCrypt file format specification, using AES-256 as the encryption algorithm. Each file is encrypted with its own volume encryption key, and each volume contains a HMAC signature to ensure integrity.

AES File Format per AES Crypt

From Duplicati About --> Libraries


A C# implementation of the AESCrypt file format

SharpAESCrypt.exe ships with Duplicati, if you’d rather use it instead of another AES Crypt program.

1 Like