AES Encryptor / Decryptor

About This Tool

The AES Text Encryptor uses AES-GCM (Galois/Counter Mode), an authenticated encryption scheme that provides both confidentiality and integrity. The password is stretched into a cryptographic key using PBKDF2 with 100,000 iterations and SHA-256, making brute-force attacks expensive.

The output format is Base64(salt + IV + ciphertext + auth_tag). This is a self-contained blob — paste it back to decrypt. All cryptographic operations use the browser's native crypto.subtle API. Nothing is sent to a server.

How to Use

1. Select Encrypt or Decrypt mode.
2. Enter a strong password (the same password must be used for both encryption and decryption).
3. In Encrypt mode, type or paste the plaintext or click Sample for an example.
4. In Decrypt mode, paste the Base64 ciphertext produced by this tool.
5. Click Encrypt / Decrypt and copy the result.

Use Cases

Developers encrypt sensitive configuration snippets before storing them in plaintext notes or sharing via insecure channels. Security researchers encrypt test payloads to verify AES-GCM decryption logic. Teams share encrypted credentials in public wikis where only the recipient knows the password.

FAQ

• Is this tool safe for production secrets? — The encryption is cryptographically strong, but web-based tools carry inherent risks (browser extensions, clipboard access). For production secrets, use a dedicated secrets manager or CLI tool.
• Why does the same plaintext produce different ciphertext each time? — A new random salt and IV are generated on every encryption. This is correct — it prevents an attacker from detecting that you encrypted the same message twice.
• What happens if I use the wrong password? — AES-GCM includes an authentication tag. If the password is wrong, decryption will fail with an error rather than producing garbled output.
• Can I decrypt this in another programming language? — Yes. The format is standard AES-256-GCM with PBKDF2 key derivation. Equivalent code exists for Python, Node.js, and Java.