AES-256 Encryption
AES-256 (Advanced Encryption Standard with a 256-bit key) is a symmetric block cipher adopted by the U.S. government as a federal standard, widely regarded as the gold standard for protecting sensitive data at rest.
What it means
AES-256 encrypts data by dividing it into 128-bit blocks and applying 14 rounds of substitution, permutation, and mixing transformations using a 256-bit key. It is approved for Top Secret U.S. government data and is computationally infeasible to brute-force with current technology. AES-256 is used to encrypt stored documents, database fields, and file storage — distinct from TLS, which protects data in transit.
Why it matters for e-signatures
SignOwl uses AES-256 to encrypt documents and sensitive data at rest. This ensures that even if storage infrastructure is compromised, document contents remain unreadable without the encryption keys.
Related terms
Frequently asked questions
What is the difference between AES-256 and TLS encryption?
AES-256 protects data at rest (stored on disk or in a database), while TLS protects data in transit (moving over a network). Both are needed for comprehensive security.
Is AES-256 truly unbreakable?
No encryption is theoretically unbreakable, but a brute-force attack on AES-256 would require astronomical computational resources with classical computers. It is considered safe for the foreseeable future.
Ready to send your first document?
Upload a PDF, add signature fields, and send — your signers get a beautiful page on any device. No accounts, no apps, no friction.
Start free — no card needed