AES Encrypt/Decrypt
Free online AES encryption/decryption tool, GCM/CBC mode supported
About AES Encrypt/Decrypt
Encrypts and decrypts text with AES using the browser's native Web Crypto API. It supports two modes (AES-GCM authenticated encryption, AES-CBC) and two key sizes (128-bit and 256-bit). The password is stretched into a key with PBKDF2 (SHA-256, 100,000 iterations) using a random 16-byte salt, and the output is a single Base64 blob containing salt + IV + ciphertext.
How to Use
1. Pick the Encrypt or Decrypt tab, then choose the mode (AES-GCM or AES-CBC) and key length (128-bit or 256-bit). The same settings must be used for both directions. 2. To encrypt: enter a password, enter the plaintext, and click Encrypt. The output is a Base64 string. 3. To decrypt: enter the same password, paste the Base64 ciphertext, and click Decrypt. 4. Use the eye icon to reveal or hide the password, and the copy buttons to copy the ciphertext or decrypted text. Progress is shown via the Encrypting/Decrypting button label.
Key Derivation & Output Format
The password is run through PBKDF2 with HMAC-SHA-256 and 100,000 iterations over a freshly random 16-byte salt to derive the AES key. A random IV is generated per encryption: 12 bytes for AES-GCM, 16 bytes for AES-CBC. The final Base64 output is structured as salt (16 bytes) || IV (12 or 16 bytes) || ciphertext, so the receiver only needs the password and the mode/key-length settings to decrypt. AES-GCM additionally authenticates the ciphertext; AES-CBC does not, so GCM is recommended.
▶Do I need to remember the salt and IV?
▶Why does decryption fail silently?
▶Should I choose AES-GCM or AES-CBC?
▶How strong is the key derivation?
Reference
If this tool has been helpful to you, consider buying me a coffee.
Buy me a coffee