AES Encrypt / Decrypt

How to Use AES Encrypt / Decrypt

This tool encrypts and decrypts text using AES-256-GCM, one of the strongest symmetric encryption algorithms available. All encryption happens in your browser — your data and password are never sent to any server.

Encrypting Text

Select Encrypt mode, enter a strong password, type or paste your plaintext message, and click Encrypt. The tool derives a 256-bit encryption key from your password using PBKDF2 with 100,000 iterations of SHA-256. A random 16-byte salt and 12-byte IV are generated for each encryption, ensuring the same plaintext encrypted twice produces different ciphertext.

Decrypting Text

Switch to Decrypt mode, enter the same password used for encryption, paste the Base64-encoded ciphertext, and click Decrypt. The tool extracts the salt and IV from the ciphertext, derives the same key using PBKDF2, and decrypts using AES-256-GCM. If the password is wrong or the ciphertext is tampered with, decryption will fail with an error.

Security Details

AES-256-GCM provides both confidentiality and integrity (authenticated encryption). The GCM mode generates an authentication tag that detects any tampering with the ciphertext. PBKDF2 with 100,000 iterations makes brute-force password attacks computationally expensive.

Frequently Asked Questions

Q: Is this encryption secure?

A: Yes, AES-256-GCM is approved by NIST and used by governments and military organizations worldwide. Security depends primarily on your password strength — use a long, random password for best protection.

Q: Can I decrypt on a different device?

A: Yes. Copy the Base64 output and use this same tool on any device with the correct password. The salt and IV are embedded in the output.

Q: What happens if I enter the wrong password?

A: Decryption will fail with an authentication error. AES-GCM detects incorrect keys or tampered ciphertext and refuses to produce output, preventing partial or corrupted decryption.