AES Encryption / Decryption
Encrypt and decrypt text using AES-256-CBC and AES-256-GCM with password-based key derivation.
What is AES Encryption?
AES (Advanced Encryption Standard) is a symmetric encryption algorithm standardized by NIST in 2001. AES-256 uses a 256-bit key to encrypt data in 128-bit blocks, providing strong security for sensitive information.
Supported Modes
- AES-256-CBC (Cipher Block Chaining) — Each block is XORed with the previous ciphertext block before encryption. Requires a 16-byte IV. Does not provide authentication (tamper detection).
- AES-256-GCM (Galois/Counter Mode) — Provides both encryption and authentication (integrity verification). Requires a 12-byte IV/nonce. Recommended for most applications.
Key Derivation
This tool uses PBKDF2-HMAC-SHA-256 to derive a 256-bit key from your password. A random 16-byte salt is generated for each encryption. The encrypted output is formatted as: salt (16B) + IV + ciphertext, all Base64-encoded.
How to Use This Tool
Encrypt
- Enter the plaintext you want to encrypt.
- Enter a strong password.
- Select AES mode (GCM recommended).
- Click "Encrypt" — the encrypted Base64 output includes salt, IV, and ciphertext.
- Share the encrypted output and password with the recipient (via a secure channel).
Decrypt
- Paste the encrypted Base64 string.
- Enter the same password used for encryption.
- Select the same AES mode and iterations.
- Click "Decrypt" — the original plaintext is recovered.
Frequently Asked Questions
Is it safe to use this tool for sensitive data?
Yes. All encryption and decryption is performed in your browser using the Web Crypto API. Your plaintext, password, and encrypted data never leave your device. No data is transmitted to any server.
What is the difference between CBC and GCM?
CBC provides confidentiality only — an attacker can modify the ciphertext without detection. GCM provides authenticated encryption (confidentiality + integrity) — any tampering with the ciphertext is detected during decryption. GCM is recommended for most applications.
Why do I need to remember the mode and iterations?
The encrypted output includes the salt and IV, but not the mode or iteration count (to keep the output compact). For successful decryption, you must use the same mode and iterations as when encrypting. Consider appending the mode and iteration count to the encrypted output (e.g., AES-GCM:100000:Base64Data) for clarity.
Can I decrypt data encrypted by other tools?
This tool uses a specific format: PBKDF2-HMAC-SHA-256 key derivation with a 16-byte salt, followed by the IV and ciphertext. To be compatible, other tools must use the same key derivation algorithm, salt format, and output encoding. This tool follows the format used by many open-source encryption libraries.
What is PBKDF2 and why is it used?
PBKDF2 (Password-Based Key Derivation Function 2) converts a human-readable password into a cryptographic key of the required length (256 bits for AES-256). The iteration count makes brute-force attacks slower — each attempt requires all iterations. The default 100,000 iterations provide a good balance of security and performance.
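Added example (not this tool's own code): the salt + IV + ciphertext layout described under Key Derivation, combined with the self-describing prefix suggested in the FAQ, written against the Web Crypto API. The function names, the exact prefix syntax and the iteration cap are assumptions.

```javascript
// Added example, not this tool's source. Envelope: "AES-GCM:<iterations>:<Base64(salt | IV | ciphertext+tag)>"
const SALT_LEN = 16, IV_LEN = 12, TAG_LEN = 16;  // salt and GCM nonce sizes as stated on this page
const MAX_ITERATIONS = 10_000_000;               // assumed cap so a forged header cannot stall the decryptor

async function webCrypto() {
  // Browsers and current Node expose globalThis.crypto; older Node needs the import.
  return globalThis.crypto ?? (await import('node:crypto')).webcrypto;
}

async function deriveKey(c, password, salt, iterations) {
  const material = await c.subtle.importKey(
    'raw', new TextEncoder().encode(password), 'PBKDF2', false, ['deriveKey']);
  return c.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

async function encryptText(plaintext, password, iterations = 100000) {
  const c = await webCrypto();
  const salt = c.getRandomValues(new Uint8Array(SALT_LEN)); // fresh salt per message
  const iv = c.getRandomValues(new Uint8Array(IV_LEN));     // fresh nonce per message
  const key = await deriveKey(c, password, salt, iterations);
  const ct = new Uint8Array(await c.subtle.encrypt(
    { name: 'AES-GCM', iv }, key, new TextEncoder().encode(plaintext)));
  const blob = new Uint8Array([...salt, ...iv, ...ct]);
  const b64 = btoa(Array.from(blob, (b) => String.fromCharCode(b)).join(''));
  return `AES-GCM:${iterations}:${b64}`;
}

async function decryptText(envelope, password) {
  const [mode, iterText, b64] = envelope.split(':');
  const iterations = Number(iterText);
  if (mode !== 'AES-GCM' || !b64 || !Number.isInteger(iterations) ||
      iterations < 1 || iterations > MAX_ITERATIONS) {
    throw new Error('unsupported or malformed header');
  }
  const blob = Uint8Array.from(atob(b64), (ch) => ch.charCodeAt(0));
  if (blob.length < SALT_LEN + IV_LEN + TAG_LEN) throw new Error('truncated input');
  const salt = blob.slice(0, SALT_LEN);
  const iv = blob.slice(SALT_LEN, SALT_LEN + IV_LEN);
  const c = await webCrypto();
  const key = await deriveKey(c, password, salt, iterations);
  // Rejects (OperationError) on a wrong password or if any byte was altered.
  const pt = await c.subtle.decrypt({ name: 'AES-GCM', iv }, key, blob.slice(SALT_LEN + IV_LEN));
  return new TextDecoder().decode(pt);
}
```

The prefix is not covered by the GCM tag itself, but altering the iteration count derives a different key, so decryption of an edited envelope still fails.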