AES Encrypt & Decrypt
Encrypt and decrypt text with AES-256-GCM using a password. All processing happens client-side in your browser using the Web Crypto API — no data is ever sent to a server.
100% Client-Side
Mode:
Use a strong, unique password. The same password must be used to decrypt.
AES Encrypt & Decrypt — AES-256-GCM Online Tool
AES-256-GCM (Advanced Encryption Standard with Galois/Counter Mode) is a symmetric authenticated encryption algorithm. It provides both confidentiality and integrity protection, ensuring that tampered ciphertext will fail to decrypt.
How It Works
- Key Derivation: Your password is stretched using PBKDF2 with SHA-256 and 100,000 iterations to produce a 256-bit AES key. A random 16-byte salt ensures uniqueness each time.
- Encryption: AES-GCM encrypts the plaintext with a random 12-byte initialization vector (IV) and produces an authentication tag.
- Output: The salt, IV, and ciphertext are concatenated and base64-encoded into a single portable string.
Security Notes
- The strength of the encryption depends entirely on the strength of your password. Use long, random passwords.
- Each encryption produces a unique ciphertext even for identical plaintext and password, due to random salt and IV.
- GCM mode detects tampering — if even one byte of the ciphertext is modified, decryption will fail.
- This tool uses the browser's native Web Crypto API, which is implemented in optimized native code.