AES Encrypt/Decrypt
Enter a password and your text — the platform runs AES encryption or decryption entirely in your browser. Nothing leaves your device!
- Select either Encrypt or Decrypt tab.
- Choose AES-256-CBC (standard) or AES-256-GCM (authenticated, more secure).
- Enter password/key (the same password is required for both encrypt and decrypt).
- Encrypt: Paste plaintext and click "Encrypt" to get Base64 ciphertext.
- Decrypt: Paste Base64 ciphertext and click "Decrypt" to restore plaintext.
Tip:All cryptographic operations run locally in your browser. Keys and plaintext are never uploaded.
When would you use this?
- When you need to encrypt a piece of sensitive text before sending it through chat, forms, or documents.
- When you want to verify in the browser that a password can correctly decrypt an existing AES ciphertext.
- When you are testing integrations and need to compare AES-CBC and AES-GCM behavior on the same input.
How should I choose between AES-CBC and AES-GCM?
Use AES-GCM when you want both confidentiality and tamper detection. Use AES-CBC only when you need compatibility with an existing system that already depends on CBC.
Why does the encrypted output change every time even with the same text and password?
That is expected. The tool generates a fresh salt and IV on every run, so the same plaintext does not produce the same ciphertext repeatedly.
What usually causes decryption to fail?
The most common causes are a different password, the wrong algorithm mode, or incomplete Base64 ciphertext. Check those three items first.
Does this tool send my plaintext or password to the server?
No. Encryption, decryption, and key derivation all happen locally in your browser through the Web Crypto API.
Can I send this Base64 ciphertext to a backend or another system?
Yes, but the other side must use the same algorithm, the same key derivation method, and the same data layout for salt, IV, and ciphertext. Matching the password alone is not enough.