Home/Security Tools/AES encrypt / decrypt

AES encrypt / decrypt

AES Encrypt and Decrypt Tool

Runs in your browser using WebCrypto — no network requests.

Local only AES-GCM / AES-CBC

Plaintext

Key

Passphrase mode produces a shareable bundle. Raw-key mode is for advanced use.

PBKDF2 (SHA-256) • 200000 iterations • 256-bit key

IV / nonce (Base64)

Output

Ciphertext is Base64. Bundle is recommended for sharing (passphrase mode).

WebCrypto powered AES-GCM is authenticated AES-CBC needs integrity checks

How it works

Derives a key from your passphrase (PBKDF2) or uses a raw key, then encrypts/decrypts with AES-GCM or AES-CBC entirely in your browser.

  • AES-GCM provides integrity; AES-CBC needs an HMAC for tamper detection.
  • Never reuse IVs/nonces; pick a new random one for each encryption.

Quick examples

Encrypt note
Alg: AES-GCM | Passphrase
Outputs Base64 ciphertext + IV + salt
Decrypt file
Alg: AES-CBC | Raw key
Returns plaintext; remember to verify with HMAC

Export your IV and salt alongside ciphertext.

Mini FAQ

When to use GCM vs CBC?

Use GCM by default; use CBC only when compatibility requires it.

How long should the IV be?

12 bytes for GCM, 16 bytes for CBC are typical.

Why PBKDF2 iterations?

More iterations make key derivation slower for attackers; 100k+ is a common floor.