TL
Tool Lab
πŸ’°Donate
πŸ’°Donate

AES Encryptor / Decryptor

Encrypt and decrypt text using AES-256-GCM with PBKDF2 key derivation in your browser.

Password
Key Size
Plaintext

About This Tool

The AES Text Encryptor uses AES-GCM (Galois/Counter Mode), an authenticated encryption scheme that provides both confidentiality and integrity. The password is stretched into a cryptographic key using PBKDF2 with 100,000 iterations and SHA-256, making brute-force attacks expensive. A random 16-byte salt and 12-byte IV are generated for each encryption, so encrypting the same plaintext with the same password produces a different ciphertext every time.

The output format is Base64(salt + IV + ciphertext + auth_tag). This is a self-contained blob β€” paste it back to decrypt. All cryptographic operations use the browser's native crypto.subtle API. Nothing is sent to a server.

How to Use

  1. Select Encrypt or Decrypt.
  2. Enter a strong password (the same password must be used for both encryption and decryption).
  3. In Encrypt mode, type or paste the plaintext. Click Sample for an example.
  4. In Decrypt mode, paste the Base64 ciphertext produced by this tool.
  5. Click Encrypt / Decrypt and copy the result.

Use Cases

Developers encrypt sensitive configuration snippets before storing them in plaintext notes or sharing them with a colleague via an insecure channel. Security researchers encrypt test payloads to verify that their decryption logic handles AES-GCM correctly. Users who want to store encrypted text notes locally use this tool to produce a ciphertext they can decrypt later with the same password. Teams share encrypted credentials in public wikis where only the recipient knows the password.

FAQ

  • Is this tool safe for production secrets? β€” The encryption is cryptographically strong, but web-based tools carry inherent risks (browser extensions, clipboard access). For production secrets, use a dedicated secrets manager or CLI tool.
  • Why does the same plaintext produce different ciphertext each time? β€” A new random salt and IV are generated on every encryption. This is correct and expected behavior β€” it prevents an attacker from detecting that you encrypted the same message twice.
  • What happens if I use the wrong password? β€” AES-GCM includes an authentication tag. If the password is wrong, decryption will fail with an error rather than producing garbled output.
  • Can I decrypt this in another programming language? β€” Yes. The format is standard AES-256-GCM with PBKDF2 key derivation. Equivalent code exists for Python (cryptography library), Node.js (crypto module), and Java (javax.crypto).