AES Encrypt Decrypt
Password-based AES-256-GCM encrypt/decrypt using Web Crypto API. All processing in browser.
About AES Encrypt Decrypt
This tool encrypts and decrypts text using AES-256-GCM with a password-derived key. It uses the Web Crypto API for secure, client-side encryption. All data stays in your browser - nothing is transmitted to any server.
How AES-256-GCM Encryption Works
- Key Derivation: Password is converted to a 256-bit key using PBKDF2 with 100,000 iterations and SHA-256
- Salt Generation: A random 16-byte salt ensures unique keys even for identical passwords
- IV Generation: A random 12-byte initialization vector ensures unique ciphertexts
- Encryption: AES-256-GCM encrypts the plaintext and generates an authentication tag
- Output: Salt + IV + ciphertext are concatenated and base64-encoded
Encryption Flow:
Password + Salt → PBKDF2 (100,000 iterations) → 256-bit AES Key
↓
Plaintext + IV + Key → AES-256-GCM → Ciphertext + Auth Tag
↓
Output: Base64(Salt || IV || Ciphertext)
Decryption Flow:
Base64 Input → Split into Salt, IV, Ciphertext
↓
Password + Salt → PBKDF2 → AES Key
↓
Ciphertext + IV + Key → AES-256-GCM Decrypt → Plaintext
AES-GCM Components
| Component | Size | Purpose |
|---|---|---|
| Salt | 16 bytes (128 bits) | Ensures unique key derivation from password |
| IV (Nonce) | 12 bytes (96 bits) | Ensures unique ciphertext for each encryption |
| Key | 32 bytes (256 bits) | AES encryption/decryption key |
| Auth Tag | 16 bytes (128 bits) | Verifies integrity and authenticity |
PBKDF2 Key Derivation
PBKDF2 (Password-Based Key Derivation Function 2) strengthens weak passwords:
- Iterations: 100,000 rounds of HMAC-SHA256 make brute-force expensive
- Salt: Random bytes prevent rainbow table attacks
- Output: Fixed-length 256-bit key suitable for AES-256
Common Use Cases
- Sensitive Data Storage: Encrypt passwords, API keys, or secrets before storing
- Secure Messaging: Encrypt messages to share with someone who knows the password
- Testing Encryption: Verify AES-GCM implementation behavior and output format
- Learning Cryptography: Understand how password-based encryption works
- Data Protection: Encrypt notes or files before uploading to cloud storage
Security Considerations
- Password Strength: Use long, random passwords (12+ characters) for strong encryption
- Password Management: Lost passwords mean lost data - there's no recovery
- IV Reuse: Never reuse IVs with the same key - this tool generates new ones each time
- Authentication: GCM mode detects tampering - modified ciphertext won't decrypt
- Client-Side Only: All processing happens in your browser using Web Crypto API
Output Format
The encrypted output is base64-encoded binary data containing:
Bytes 0-15: Salt (16 bytes)
Bytes 16-27: IV (12 bytes)
Bytes 28+: Ciphertext (variable length, includes auth tag)
Example output:
MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIz...
Leading bytes: Salt (16 bytes); remaining bytes: IV + Ciphertext
How to Encrypt and Decrypt with AES
- Encrypt: Enter plaintext, choose a password, and click "Encrypt".
- Copy output: The base64-encoded ciphertext appears in the result box.
- Decrypt: Paste the ciphertext, enter the same password, and click "Decrypt".
- View result: The decrypted plaintext appears if the password is correct.
Tips
- Use strong passwords (12+ random characters) for secure encryption
- Store passwords safely - there's no recovery if lost
- The same password always works - output differs due to random salt/IV
- Decryption simply fails if the password or ciphertext is wrong; the error gives no hint about which of the two was incorrect
Frequently Asked Questions
- How does password-based AES encryption work?
- The password is converted to a cryptographic key using PBKDF2 with 100,000 iterations and SHA-256. A random 16-byte salt ensures the same password produces different keys each time. The derived key encrypts data using AES-256-GCM, which provides both confidentiality and integrity verification.
- What is AES-256-GCM and why is it used?
- AES-256-GCM (Galois/Counter Mode) is an authenticated encryption algorithm. It provides confidentiality (data is encrypted), integrity (tampering is detected), and authenticity (verified decryption). The 256-bit key size offers strong security against brute-force attacks.
- What data is stored in the encrypted output?
- The output contains: 16-byte salt (for key derivation), 12-byte IV (initialization vector), and the ciphertext with authentication tag. All three are concatenated and base64-encoded. The salt and IV are non-secret and required for decryption.
- Why does the same password produce different encrypted output?
- Each encryption generates a new random salt and IV. This ensures identical plaintexts produce different ciphertexts, preventing pattern analysis. The salt and IV are embedded in the output, so decryption still works with the correct password.
- What happens if I use the wrong password?
- Decryption fails because AES-GCM verifies the authentication tag. If the password is wrong, the derived key won't match, the tag won't verify, and the Web Crypto API throws an error. This prevents silent decryption of corrupted data.
- Is my data sent to a server?
- No. All encryption and decryption happens locally in your browser using the Web Crypto API. Your password, plaintext, and ciphertext never leave your device. No data is transmitted to any server.