AES Encryption Explained: How It Works and Why It Matters
Jun 23, 2026
Encrypt and decrypt text using AES-256-CBC and AES-256-GCM with password-based key derivation.
AES (Advanced Encryption Standard) is a symmetric encryption algorithm standardized by NIST in 2001. AES-256 uses a 256-bit key to encrypt data in 128-bit blocks, providing strong security for sensitive information.
This tool uses PBKDF2-HMAC-SHA-256 to derive a 256-bit key from your password. A random 16-byte salt is generated for each encryption. The encrypted output is formatted as: salt (16B) + IV + ciphertext, all Base64-encoded.
Yes. All encryption and decryption is performed in your browser using the Web Crypto API. Your plaintext, password, and encrypted data never leave your device. No data is transmitted to any server.
CBC provides confidentiality only — an attacker can modify the ciphertext without detection. GCM provides authenticated encryption (confidentiality + integrity) — any tampering with the ciphertext is detected during decryption. GCM is recommended for most applications.
The encrypted output includes the salt and IV, but not the mode or iteration count (to keep the output compact). For successful decryption, you must use the same mode and iterations as when encrypting. Consider appending the mode and iteration count to the encrypted output (e.g., AES-GCM:100000:Base64Data) for clarity.
This tool uses a specific format: PBKDF2-HMAC-SHA-256 key derivation with a 16-byte salt, followed by the IV and ciphertext. To be compatible, other tools must use the same key derivation algorithm, salt format, and output encoding. This tool follows the format used by many open-source encryption libraries.
PBKDF2 (Password-Based Key Derivation Function 2) converts a human-readable password into a cryptographic key of the required length (256 bits for AES-256). The iteration count makes brute-force attacks slower — each attempt requires all iterations. The default 100,000 iterations provides a good balance of security and performance.
Generate RSA key pairs in PEM format
Generate signed JWT tokens
Decode and verify JWT signatures
Generate HMAC signatures
Test password strength and entropy
Generate bcrypt password hashes
Blog
Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
Jun 23, 2026