AES Encrypt / Decrypt

AES-256-GCM encryption with PBKDF2 key derivation. Runs 100% in your browser using the Web Crypto API.

Educational use only. For production applications, use a professionally audited encryption library. Never share private keys or passwords via untrusted channels.
Enter a password
Plaintext
Encrypted (Base64)
Enter text and a password, then click Encrypt.

How to Use the AES Encryption Tool

  1. Choose a direction: "Encrypt" converts plaintext to Base64-encoded ciphertext; "Decrypt" reverses it.
  2. Enter a password. The strength indicator shows how secure your password is. Use a mix of upper/lowercase, digits, and symbols for maximum security.
  3. Paste your text into the input area.
  4. Click Encrypt/Decrypt — the result appears on the right.
  5. Copy or download the result. To decrypt later, you need both the Base64 output and the exact same password.

About AES-256-GCM Encryption

AES (Advanced Encryption Standard) is the most widely deployed symmetric encryption algorithm in the world. It was selected by NIST in 2001 after an international competition and has withstood over 20 years of cryptanalysis without a practical break. The "256" refers to the key length in bits — a 256-bit key has 2256 possible values, making brute-force attacks computationally infeasible with current and foreseeable technology.

GCM (Galois/Counter Mode) transforms AES from a block cipher into an authenticated encryption scheme. It simultaneously encrypts data and produces an authentication tag — a 16-byte checksum that proves the ciphertext hasn't been modified. Any tampering with the ciphertext will cause decryption to fail with an "authentication failed" error rather than silently producing garbage output. This property, called "integrity," is critical for security.

How This Tool Works Internally

When you click Encrypt, this tool performs the following steps using the browser's native window.crypto.subtle API:

  1. Generate a cryptographically random 16-byte salt
  2. Derive a 256-bit AES key from your password using PBKDF2 with HMAC-SHA256, 100,000 iterations, and the salt
  3. Generate a cryptographically random 12-byte IV (nonce)
  4. Encrypt the plaintext using AES-256-GCM with the derived key and IV
  5. Concatenate salt + IV + ciphertext and encode as Base64

Decryption extracts the salt and IV from the Base64 payload, re-derives the key from your password, and decrypts. The GCM authentication tag is verified automatically — if the password or ciphertext is wrong, decryption fails.

Password Strength Matters

AES-256 is theoretically unbreakable, but weak passwords are still vulnerable to dictionary attacks even with PBKDF2 stretching. A password like "password123" can be cracked in seconds even with 100,000 PBKDF2 iterations. Use a random passphrase of 4+ words (e.g., "correct horse battery staple") or a 20+ character random string. A password manager can generate and store strong passwords for you. See also our RSA Key Generator for asymmetric encryption needs.

When to Use AES vs. RSA

AES (symmetric) uses the same key to encrypt and decrypt — both parties must know the secret key. RSA (asymmetric) uses a public key to encrypt and a private key to decrypt, making it suitable for exchanging data with someone you haven't pre-shared a secret with. In practice, most secure systems use RSA or ECDH to establish a shared secret, then use AES to encrypt bulk data — this is exactly what TLS does. Use this AES tool when you need to encrypt personal data for your own use or share encrypted messages with someone you can securely share a password with.

Frequently Asked Questions

AES-256-GCM combines AES with a 256-bit key and GCM (Galois/Counter Mode), which provides both encryption and authentication. GCM ensures ciphertext hasn't been tampered with. It's the gold standard for symmetric encryption, used in TLS 1.3, Signal, and modern secure protocols.
PBKDF2 converts a human password into a cryptographic key by applying HMAC-SHA256 thousands of times with a random salt. This slows brute-force attacks. This tool uses 100,000 iterations with a random salt — the NIST-recommended minimum as of 2023.
An IV (nonce in GCM mode) is a random value generated fresh for every encryption. It ensures encrypting the same plaintext twice produces different ciphertexts. This tool generates a cryptographically random 12-byte IV per encryption and prepends it to the output.
This tool is for educational purposes and quick prototyping. For production: use an audited library (libsodium, OpenSSL), manage key rotation, use HSMs for key storage, and follow your organization's crypto standards. The algorithms (AES-256-GCM, PBKDF2) are sound, but secure key management requires deeper expertise.
The Base64 output contains three concatenated parts: 16-byte random salt (for PBKDF2), 12-byte random IV (for AES-GCM), and the AES-GCM ciphertext (including the 16-byte authentication tag). All three are needed for decryption. The salt and IV are not secret — they're included in the output.