AES Encryption Tool
Encrypt and decrypt text in your browser with a password, using AES-GCM.
Everything runs entirely in your browser. Your text and password are never uploaded.
How to use this tool
This AES encryption online tool lets you scramble a message so only someone with the password can read it. To encrypt text in your browser, stay on the Encrypt tab, paste your message, pick a password, and press Encrypt. You will get a base64 string you can copy, save, or send. To decrypt an AES string, switch to the Decrypt tab, paste the base64 you received, enter the same password that was used to encrypt it, and press Decrypt to get the original text back. The same password must be used on both sides, since there is no way to recover the message without it.
How it works
The JS crypto engine here is the browser's native Web Crypto API
(crypto.subtle), so no external library is loaded. When you
encrypt, a random 16-byte salt and a random 12-byte initialization vector
(IV) are generated. Your password is stretched into a 256-bit AES key with
PBKDF2 using 250,000 iterations of SHA-256, which makes brute-force guessing
slow. The text is then encrypted with AES-GCM, an authenticated mode that
also detects tampering. The salt, IV, and ciphertext are joined and encoded as
base64 so the whole package travels as one string. Decryption reverses the
steps: it splits out the salt and IV, derives the same key from your password,
and verifies and decrypts the data.
A real example
Suppose you type the message Meet at 6pm and use the
password river-otter-42. After pressing Encrypt you might get
a base64 string such as
k1Qa...n8w== (the exact value changes every time because the salt
and IV are random). You send that string to a friend over chat. They paste it
into the Decrypt tab, type the same password river-otter-42,
press Decrypt, and read back Meet at 6pm. If they type the
wrong password, decryption fails and no text is shown, because AES-GCM rejects
data it cannot authenticate.
Common questions
Is my data sent to a server?
No. This is a fully client-side tool. The encryption and decryption happen in your browser using the Web Crypto API, and your text and password never leave your device.
What encryption does this use?
It uses AES-256 in GCM mode, with the key derived from your password through PBKDF2 (250,000 SHA-256 iterations). AES-GCM is an authenticated cipher, so it also detects if the encrypted data was changed.
Why can it not recover my message without the password?
The password is the only secret used to rebuild the key. There is no stored copy and no backdoor, so if you forget the password the encrypted text cannot be decrypted by anyone, including you.
Why is the encrypted output different each time?
A fresh random salt and IV are generated on every encryption, so encrypting the same text twice produces different base64 output. This is expected: it keeps identical messages from producing identical output.
Can I decrypt a string made by another AES tool?
Only if that tool uses the exact same format: AES-GCM, PBKDF2 with the same parameters, and the same salt and IV layout. Tools that differ in any of these will not be compatible.