ESC

AES Encryption & Decryption

Encrypted text will appear here...
Decrypted text will appear here...
All encryption and decryption happens in your browser using Web Crypto API. No data or passwords are sent to any server. The encrypted output includes the salt and IV for portability.

Usage Examples

Encrypt a Message

Encrypt a simple text message using AES-256-GCM. The strongest mode with built-in authentication.

Protect Sensitive Data

Encrypt configuration data like API keys, database URLs and tokens before storing or sharing them.

Legacy Compatibility

Encrypt using AES-CBC mode with 128-bit key for compatibility with older systems and libraries.

Features

AES-GCM & AES-CBC

Support for AES-GCM (authenticated encryption) and AES-CBC modes with 128 or 256-bit keys

PBKDF2 Key Derivation

Password-based key derivation using PBKDF2 with 100,000 iterations and SHA-256 for maximum security

Portable Output

Encrypted output includes salt, IV and mode info in a single Base64 string for easy sharing

Privacy First

All processing happens locally in your browser using Web Crypto API, no data sent to servers

How to Use?

1

Enter Text & Password

Type or paste the text you want to encrypt and enter a strong password. Choose encryption mode and key size.

2

Encrypt

Click Encrypt to generate the encrypted Base64 output. Copy it for storage or sharing.

3

Decrypt

Switch to the Decrypt tab, paste the encrypted text and enter the same password to decrypt.

Frequently Asked Questions

AES (Advanced Encryption Standard) is the symmetric encryption algorithm used by governments, banks, and virtually all secure communication systems worldwide. Symmetric means the same key is used to both encrypt and decrypt. AES was adopted as a US federal standard in 2001 and operates on fixed-size data blocks (128 bits) with key lengths of 128, 192, or 256 bits. AES-256 has never been practically broken — the attack surface is the password or key management, not the algorithm itself.

AES-GCM (Galois/Counter Mode) is authenticated encryption — it not only encrypts your data but also generates an authentication tag that detects any tampering with the ciphertext. If even one byte of the encrypted output is modified, decryption fails with an error. AES-CBC (Cipher Block Chaining) is older and encrypts correctly but does not authenticate — an attacker can modify the ciphertext in certain ways without detection. Use GCM for all new implementations. Only use CBC if you need compatibility with a specific legacy system that requires it.

PBKDF2 (Password-Based Key Derivation Function 2) converts your human-readable password into a cryptographic key. It runs the password and a random salt through SHA-256 hashing 100,000 times. This deliberate slowness means that brute-forcing a weak password like "password123" still requires running 100,000 SHA-256 iterations per guess attempt — dramatically reducing the attack speed compared to simply hashing once. The random salt ensures that two users with the same password get completely different keys.

The output is a single Base64-encoded string that packages everything needed for decryption: the random salt (used by PBKDF2 to derive the key), the IV (Initialization Vector, a random nonce required by GCM/CBC), the encryption mode and key size identifier, and the actual ciphertext. This self-contained format means the recipient only needs the password — the output string alone is safe to share publicly since none of the included data compromises the encryption.

Yes. The output format is documented: Base64-decode the string, then extract the salt (first 16 bytes), IV (next 12 bytes for GCM or 16 for CBC), and remaining ciphertext. Run PBKDF2 with SHA-256 and 100,000 iterations on the password and salt to get the key, then decrypt with AES-GCM or AES-CBC. The Web Crypto API (browser), crypto module (Node.js), PyCryptodome (Python), and javax.crypto (Java) all support these algorithms natively.

With AES-GCM, decryption will fail immediately with an authentication error because the authentication tag will not match. This is one of the key advantages of GCM — it tells you definitively that decryption failed rather than silently producing garbage output. With AES-CBC, wrong password decryption produces garbled output without an obvious error, making it harder to detect. In both cases, the original data is not recoverable without the correct password.

AES-256 (256-bit keys) is the recommended choice for new implementations. The key length difference is meaningful in theory — AES-128 has 2^128 possible keys while AES-256 has 2^256. In practice, both are computationally unbreakable with current technology, but AES-256 provides a larger security margin against theoretical future attacks. The performance difference is negligible for text encryption. Use 128-bit only if you have a specific compatibility requirement.

Nothing is sent to any server. All encryption and decryption runs in your browser using the Web Crypto API, a native browser API that provides cryptographic operations in a secure, sandboxed environment. Your plaintext, your password, and your ciphertext never leave your device. This makes the tool safe for encrypting sensitive credentials, personal messages, and confidential data.

What is AES Encryption Tool?

Need to send someone a password securely? Email is not safe, and neither is Slack. AES encryption lets you turn any text into ciphertext that only someone with the right password can read back. This tool runs AES-GCM or AES-CBC with 128 or 256-bit keys, derives the key from your password using PBKDF2 (100k iterations), and does everything in your browser via Web Crypto API. No data ever hits a server.

Why Developers Trust This Tool

The output is a single Base64 string containing the salt, IV, and ciphertext. You can paste it in a chat, save it to a config file, or store it in a database. The recipient just needs the password. GCM mode catches any tampering, PBKDF2 makes dictionary attacks impractical, and your plaintext never leaves your machine.

Security and Privacy

Your data security is our priority

Local Processing

All processing happens in your browser

No Data Transfer

Your data is not sent to our servers

No Data Storage

No data is stored or shared

SSL Encryption

SSL encryption for secure connection

Next Step

Also on MoreOnlineTools