What is AES encryption?

AES (Advanced Encryption Standard) is a symmetric encryption algorithm widely adopted worldwide for securing sensitive data. Developed by Belgian cryptographers Joan Daemen and Vincent Rijmen, it was selected by NIST in 2001 as the standard for encrypting electronic data, replacing the older DES algorithm.

Symmetric encryption means the same secret key is used for both encrypting and decrypting data. AES operates on fixed-size blocks of 128 bits and supports three key lengths: 128, 192, and 256 bits. The longer the key, the more secure the encryption—AES-256 is considered virtually unbreakable with current computing technology.

How does AES-GCM work?

AES-GCM (Galois/Counter Mode) is an authenticated encryption mode that provides both confidentiality and data integrity. Unlike basic AES modes, GCM not only encrypts your data but also generates an authentication tag that detects any tampering with the ciphertext.

The encryption process involves:

  1. Key derivation: Your password is transformed into a cryptographic key using PBKDF2 (Password-Based Key Derivation Function 2) with 100,000 iterations and SHA-256 hashing
  2. Salt generation: A random 16-byte salt ensures the same password produces different keys each time
  3. IV creation: A 12-byte initialization vector (IV) ensures identical plaintexts encrypt to different ciphertexts
  4. Encryption: The plaintext is encrypted using AES-GCM with the derived key
  5. Output packaging: Salt, IV, and ciphertext are combined and encoded in Base64

Tool description

This AES Encryptor Decryptor tool provides secure client-side encryption and decryption using the Web Crypto API. All cryptographic operations happen entirely in your browser—your data and passwords never leave your device.

The tool supports all three AES key sizes (128, 192, and 256 bits) and uses industry-standard security practices including PBKDF2 key derivation, random salt generation, and authenticated encryption with AES-GCM.

Examples

Encrypting text:

  • Input: Hello, World!
  • Password: mySecurePassword123
  • Mode: AES-256
  • Output: Base64-encoded ciphertext (varies each time due to random salt/IV)

Decrypting text:

  • Input: [Previously encrypted Base64 string]
  • Password: mySecurePassword123 (same password used for encryption)
  • Mode: AES-256 (same mode used for encryption)
  • Output: Hello, World!

Features

  • Multiple key sizes: Choose between AES-128, AES-192, or AES-256 encryption strength
  • Client-side processing: All encryption and decryption happens in your browser using the Web Crypto API
  • Authenticated encryption: AES-GCM mode provides both confidentiality and integrity protection
  • Secure key derivation: PBKDF2 with 100,000 iterations protects against brute-force attacks
  • Base64 output: Encrypted data is encoded in Base64 for easy copying and sharing

Use cases

  • Secure message sharing: Encrypt sensitive messages before sending via email or messaging apps
  • Password-protected notes: Create encrypted notes that only you can read with your secret password
  • Sensitive data storage: Encrypt personal information before saving to cloud storage or local files
  • Developer testing: Test encryption implementations or verify encrypted data formats
  • Educational purposes: Learn how symmetric encryption works with real-time encryption and decryption