DevToolKit

AES Encrypt/Decrypt Text

Securely encrypt and decrypt text using AES-256 GCM in your browser. Supports PBKDF2 passwords, raw hex keys, and custom initialization vectors.

How to Use

Our AES Encrypt/Decrypt tool performs all cryptographic operations within your browser. Because it uses the native Web Crypto API, your plaintext, passwords, and encryption keys are never transmitted over the internet.

Using Password Mode

  1. Select Encrypt or Decrypt: Choose whether you want to secure a message or reveal an already secured one.
  2. Enter your Secret Text: Type the message you want to encrypt, or paste the Base64/Hex ciphertext you want to decrypt.
  3. Set a Strong Password: The tool uses PBKDF2 with 600,000 iterations to derive a secure 256-bit AES key.
  4. Process: Click the Encrypt/Decrypt button. Your output will automatically contain the Salt, IV, and Ciphertext bundled together.

About This Tool

AES-GCM (Recommended) is Galois/Counter Mode. It provides both confidentiality and data origin authentication. If an attacker alters even a single bit of the output, decryption fails immediately with an integrity error, so tampered ciphertext is rejected instead of being decrypted.

AES-CBC (Legacy) is Cipher Block Chaining. It is widely used in older systems. It requires a 16-byte IV and uses PKCS#7 padding by default. It provides confidentiality but does not guarantee integrity against tampering.

Why Use This Tool

Many basic online AES tools use outdated, insecure key derivation methods like MD5 (e.g., OpenSSL's legacy EVP_BytesToKey) or they use ECB mode, which doesn't hide data patterns. They also frequently send your secret data to a backend server for processing.

Our tool uses the browser's native Web Crypto API. We enforce 600,000 rounds of PBKDF2 hashing for password derivation (matching modern OWASP recommendations) and provide a "Raw Key" mode for developers who need to debug specific cryptographic systems. Everything happens 100% locally on your machine.

FAQ

Is my text or password sent to a server?
No. This tool runs 100% locally in your browser using the native Web Crypto API. Your plaintext, passwords, and keys never leave your device.

What is AES-GCM?
AES-GCM (Galois/Counter Mode) is an authenticated encryption mode that provides both confidentiality (encryption) and authenticity (integrity checking). Ciphertext that an attacker has tampered with is detected and rejected at decryption.

How are passwords converted into encryption keys?
We use the PBKDF2 algorithm with HMAC-SHA-256 and 600,000 iterations to derive a secure 256-bit AES key from your password, following the latest OWASP security recommendations.

What is the output format in Password Mode?
To ensure you can decrypt the text later, the output is a combined package containing the randomly generated 16-byte Salt, the Initialization Vector (IV), and the Ciphertext, all encoded together as a single Base64 or Hex string.
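
The Password Mode steps and the output format described above, as an added example written for this page (not the tool's own code). The 12-byte IV, the salt || IV || ciphertext byte order, and all function names are assumptions, so the output is not guaranteed to interoperate with the tool.

```javascript
// Added example. Assumed layout: salt(16) || iv(12) || ciphertext+tag, hex-encoded.
// Browsers and recent Node expose Web Crypto as globalThis.crypto; older Node uses the fallback.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto;
const SALT_LEN = 16, IV_LEN = 12, TAG_LEN = 16, ITERATIONS = 600000;
const enc = new TextEncoder(), dec = new TextDecoder();
const toHex = (b) => Array.from(b, (x) => x.toString(16).padStart(2, "0")).join("");
const fromHex = (h) => {
  if (!/^([0-9a-f]{2})+$/i.test(h)) throw new Error("not a hex string");
  return Uint8Array.from(h.match(/../g), (p) => parseInt(p, 16));
};

// PBKDF2-HMAC-SHA-256 -> non-extractable 256-bit AES-GCM key.
async function deriveKey(password, salt) {
  const material = await wc.subtle.importKey("raw", enc.encode(password), "PBKDF2", false, ["deriveKey"]);
  return wc.subtle.deriveKey(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations: ITERATIONS },
    material, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

async function encryptText(plaintext, password) {
  // Fresh random salt and IV per message: a GCM IV must never repeat under one key.
  const salt = wc.getRandomValues(new Uint8Array(SALT_LEN));
  const iv = wc.getRandomValues(new Uint8Array(IV_LEN));
  const key = await deriveKey(password, salt);
  const ct = new Uint8Array(await wc.subtle.encrypt({ name: "AES-GCM", iv }, key, enc.encode(plaintext)));
  const out = new Uint8Array(SALT_LEN + IV_LEN + ct.length);
  out.set(salt, 0); out.set(iv, SALT_LEN); out.set(ct, SALT_LEN + IV_LEN);
  return toHex(out);
}

async function decryptText(hex, password) {
  const buf = fromHex(hex);
  if (buf.length < SALT_LEN + IV_LEN + TAG_LEN) throw new Error("package too short");
  const key = await deriveKey(password, buf.subarray(0, SALT_LEN));
  const iv = buf.subarray(SALT_LEN, SALT_LEN + IV_LEN);
  // decrypt() rejects if the tag does not verify (modified data or wrong key).
  const pt = await wc.subtle.decrypt({ name: "AES-GCM", iv }, key, buf.subarray(SALT_LEN + IV_LEN));
  return dec.decode(pt);
}

async function demo() {
  const pw = "correct horse battery staple"; // constructed sample values
  const pkg = await encryptText("constructed sample message", pw);
  const rejects = (p) => p.then(() => false, () => true);
  // Flip one bit of the last hex digit, which lies inside the GCM tag.
  const tampered = pkg.slice(0, -1) + (parseInt(pkg.slice(-1), 16) ^ 1).toString(16);
  return { roundTrip: await decryptText(pkg, pw),
           tamperedRejected: await rejects(decryptText(tampered, pw)),
           wrongPasswordRejected: await rejects(decryptText(pkg, "wrong password")) };
}
demo().then(console.log);
```

A wrong password and a modified package fail the same way, because both leave the GCM tag unverifiable; the API does not distinguish the two cases.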