
AES Encrypt / Decrypt

Symmetrically encrypt and decrypt text with AES-GCM, CBC, CTR, or ECB. Enter a passphrase or raw key — all processing runs in your browser and nothing leaves your device.

In-browser only · NIST FIPS 197 · Web Crypto API

PBKDF2 key derivation

OWASP recommends 600,000+ iterations for stronger security.


12 bytes (96-bit nonce) · Use a unique IV for every encryption with the same key.

Mode security

AES-GCM provides both encryption and authentication — it can detect tampering. CBC and CTR provide confidentiality only; integrity must be verified separately. ECB is deterministic and leaks patterns — avoid it.

IV security

A unique IV must be used for every encryption with the same key. Reusing an IV with GCM can completely break security. This tool auto-generates a cryptographically random IV.

Passphrase derivation

PBKDF2 derives a cryptographic key from your passphrase using a random salt and many iterations, making brute-force attacks expensive. The derived key, salt, and iterations must all be saved to decrypt later.

All encryption runs in your browser. Your data, keys, and IVs never leave your device.

Guide

How to Use

  1. Choose your encryption mode

     The tool defaults to AES-GCM, which provides both encryption and authentication. Switch to CBC, CTR, or ECB if your use case requires it.

  2. Enter your passphrase or key

     Type a passphrase and the tool derives an AES key with PBKDF2. Or switch to Hex / Base64 format and paste a raw key of the exact required length.

  3. Enter the text to encrypt or decrypt

     Paste or type your message into the input area. For decryption, paste the ciphertext in the format it was produced (Base64 or Hex).

  4. Click Encrypt or Decrypt

     All processing happens in your browser — your data never leaves your device. The result appears instantly in the panel below.

  5. Copy your results

     Use the copy button next to each output field. To decrypt later, you need the ciphertext, IV, auth tag (GCM), and salt (if using a passphrase).

Reference

AES Mode Comparison

Mode      Security          Authentication   Padding       IV bytes
-------   ---------------   --------------   -----------   --------
AES-GCM   Recommended       Yes (AEAD)       None needed   12
AES-CBC   Acceptable        No               PKCS7         16
AES-CTR   Acceptable        No               None needed   16
AES-ECB   Not recommended   No               PKCS7         None
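
What "No" in the Authentication column means for CTR, as an added example (not this tool's own code): AES-CTR encryption followed by HMAC-SHA256 under a separate key, with the tag checked before decryption. The function names and the sample message are constructed for illustration.

```javascript
// Added example: AES-CTR has no integrity check, so pair it with HMAC-SHA256
// (encrypt-then-MAC) under a separate key. Runs in a browser or in Node.js.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto;
const te = new TextEncoder(), td = new TextDecoder();

async function newKeys() {
  const encKey = await wc.subtle.generateKey({ name: "AES-CTR", length: 256 }, false, ["encrypt", "decrypt"]);
  const macKey = await wc.subtle.generateKey({ name: "HMAC", hash: "SHA-256" }, false, ["sign", "verify"]);
  return { encKey, macKey };
}

// 16-byte counter block: random 12-byte nonce, then a 32-bit counter starting at 0.
function ctrParams(counter) { return { name: "AES-CTR", counter, length: 32 }; }

// The MAC covers the counter block and the ciphertext.
function macInput(counter, ct) {
  const m = new Uint8Array(counter.length + ct.length);
  m.set(counter); m.set(ct, counter.length);
  return m;
}

async function encryptThenMac(keys, plaintext) {
  const counter = new Uint8Array(16);
  wc.getRandomValues(counter.subarray(0, 12)); // fresh nonce for every message
  const ct = new Uint8Array(await wc.subtle.encrypt(ctrParams(counter), keys.encKey, te.encode(plaintext)));
  const tag = new Uint8Array(await wc.subtle.sign("HMAC", keys.macKey, macInput(counter, ct)));
  return { counter, ct, tag };
}

// Verify the tag first and decrypt only if it matches; returns null on mismatch.
async function verifyThenDecrypt(keys, msg) {
  const ok = await wc.subtle.verify("HMAC", keys.macKey, msg.tag, macInput(msg.counter, msg.ct));
  if (!ok) return null;
  return td.decode(await wc.subtle.decrypt(ctrParams(msg.counter), keys.encKey, msg.ct));
}

async function ctrDemo() {
  const keys = await newKeys();
  const msg = await encryptThenMac(keys, "retries=0"); // constructed sample message
  const altered = { ...msg, ct: msg.ct.slice() };
  altered.ct[altered.ct.length - 1] ^= 0x01; // constructed one-bit corruption
  // Plain CTR decryption accepts the altered bytes without raising any error.
  const rawCtr = td.decode(await wc.subtle.decrypt(ctrParams(altered.counter), keys.encKey, altered.ct));
  return { clean: await verifyThenDecrypt(keys, msg), rawCtr, checked: await verifyThenDecrypt(keys, altered) };
}
```

`ctrDemo()` resolves with the untouched message, the silently changed output of plain CTR, and `null` from the checked path.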

Frequently Asked Questions

What is AES encryption?
AES (Advanced Encryption Standard) is a symmetric encryption algorithm adopted by NIST (FIPS 197) and used worldwide. The same secret key is used for both encryption and decryption. AES operates on 128-bit blocks and supports 128, 192, and 256-bit key sizes.
Which AES mode should I use?
Use AES-GCM for almost everything. It provides both confidentiality and authenticity — it can detect if the ciphertext was tampered with. CBC is older and does not provide authentication. CTR converts AES into a stream cipher. Avoid ECB — it reveals patterns in your data.
What is an IV and why does it matter?
An IV (Initialization Vector) ensures that encrypting the same plaintext twice produces different ciphertext. The IV does not need to be secret — it is sent alongside the ciphertext. Never reuse an IV with the same key, especially in GCM mode, where IV reuse can completely break security.
Can I use a regular password as an AES key?
Yes, but not directly. This tool derives a proper AES key from your passphrase using PBKDF2-HMAC-SHA256 with a random salt and 100,000 iterations. If you prefer a raw key, switch the key format to Hex or Base64.
Why does my decryption fail?
Common causes: wrong key, wrong IV, wrong mode, wrong output format (Base64 vs Hex), or corrupted ciphertext. For GCM, the auth tag must also match. Use the exact same key, IV, mode, key size, and output format as during encryption.
Is it safe to encrypt data in my browser?
Yes. All encryption runs entirely in your browser using the Web Crypto API — a built-in, browser-native cryptographic library. Your plaintext, ciphertext, keys, and IVs are never transmitted to any server.
What is the difference between AES-128, AES-192, and AES-256?
The number refers to the key size in bits. AES-128 uses a 16-byte key, AES-192 uses 24 bytes, and AES-256 uses 32 bytes. Larger keys provide a larger key space. AES-128 is already considered secure; AES-256 is recommended for long-term security.
What is PBKDF2 and why does this tool use it?
PBKDF2 (Password-Based Key Derivation Function 2, RFC 8018) derives a cryptographic key from a passphrase by applying HMAC-SHA256 repeatedly. The iteration count makes brute-force attacks expensive. A random salt ensures the same passphrase produces a different key each time.
What is AAD (Additional Authenticated Data)?
AAD is data that is authenticated but not encrypted. In GCM mode, AAD is included in the authentication tag calculation — if the AAD is tampered with, decryption fails. A common use: encrypt a message while authenticating a readable header.
Can I use this tool to encrypt passwords for storage?
No. AES is designed for encryption (reversible), not password hashing (one-way). For storing passwords, use a dedicated hashing algorithm like bcrypt, Argon2, or scrypt.
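
The passphrase flow from the How to Use steps and the AAD answer above, written against the Web Crypto API as an added example (not this tool's own code): PBKDF2-HMAC-SHA256 derives an AES-256-GCM key, and the stored record keeps the salt, iteration count, IV, header (AAD) and ciphertext with its tag. The function names, record layout and sample strings are assumptions made for illustration.

```javascript
// Added example: passphrase -> PBKDF2-HMAC-SHA256 -> AES-256-GCM with AAD.
// Runs in a browser or in Node.js (falls back to node:crypto's webcrypto).
const wc = globalThis.crypto ?? require("node:crypto").webcrypto;
const enc = new TextEncoder(), dec = new TextDecoder();

async function deriveKey(passphrase, salt, iterations) {
  const base = await wc.subtle.importKey("raw", enc.encode(passphrase), "PBKDF2", false, ["deriveKey"]);
  return wc.subtle.deriveKey(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations },
    base, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

// Returns everything needed to decrypt later except the passphrase itself.
async function seal(passphrase, plaintext, header, iterations = 600000) {
  const salt = wc.getRandomValues(new Uint8Array(16)); // fresh salt per message
  const iv = wc.getRandomValues(new Uint8Array(12));   // 96-bit nonce, never reused
  const key = await deriveKey(passphrase, salt, iterations);
  const ct = await wc.subtle.encrypt(
    { name: "AES-GCM", iv, additionalData: enc.encode(header), tagLength: 128 },
    key, enc.encode(plaintext));
  // Web Crypto appends the 16-byte auth tag to the ciphertext.
  return { header, iterations, salt, iv, ciphertext: new Uint8Array(ct) };
}

// Resolves to the plaintext, or null if key, IV, AAD, tag or ciphertext do not match.
async function unseal(passphrase, box) {
  const key = await deriveKey(passphrase, box.salt, box.iterations);
  try {
    const pt = await wc.subtle.decrypt(
      { name: "AES-GCM", iv: box.iv, additionalData: enc.encode(box.header), tagLength: 128 },
      key, box.ciphertext);
    return dec.decode(pt);
  } catch { return null; } // authentication failed
}

async function demo() {
  const pass = "constructed sample passphrase";
  // 100,000 iterations matches the count quoted in the FAQ; seal() defaults to 600,000.
  const box = await seal(pass, "meet at noon", "to=alice;v=1", 100000);
  const flipped = box.ciphertext.slice(); flipped[0] ^= 1; // constructed corruption
  return {
    ok: await unseal(pass, box),
    badHeader: await unseal(pass, { ...box, header: "to=bob;v=1" }),
    badCiphertext: await unseal(pass, { ...box, ciphertext: flipped }),
    badPassphrase: await unseal("wrong passphrase", box),
    ciphertextLength: box.ciphertext.length, // plaintext bytes + 16-byte tag
  };
}
```

Every field of the returned record except the passphrase can be stored in the clear next to the ciphertext; a change to any of them makes `unseal` return `null`.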