AES encrypt / decrypt
AES Encrypt and Decrypt Tool
Runs in your browser using WebCrypto — no network requests.
Local only AES-GCM / AES-CBC
Plaintext
Key
Passphrase mode produces a shareable bundle. Raw-key mode is for advanced use.
PBKDF2 (SHA-256) • 200000 iterations • 256-bit key
IV / nonce (Base64)
Output
Ciphertext is Base64. Bundle is recommended for sharing (passphrase mode).
WebCrypto powered AES-GCM is authenticated AES-CBC needs integrity checks
Learn more
What is AES-GCM?
AES-GCM provides encryption and integrity. If ciphertext is modified, decryption fails. It is the recommended default for new systems.
Inputs explained
- Salt is used only for passphrase → key derivation.
- IV/nonce must be random and unique per encryption.
- Ciphertext is Base64 output you can store or transmit.
Security notes
- Never reuse an IV with the same key (especially for AES-GCM).
- AES-CBC does not authenticate data; use AES-GCM or add an HMAC.
- Use strong passphrases, or prefer random raw keys for high security.