Converters

AES Encrypt & Decrypt

Encrypt and decrypt text locally in your browser with AES-GCM, PBKDF2 password-based key derivation, random salt, random IV, and Base64 JSON package output.

Tool

AES Encrypt & Decrypt

Encrypt and decrypt text locally in your browser with AES-GCM, PBKDF2 password-based key derivation, random salt, random IV, and Base64 JSON package output.

This tool runs in your browser. Your input is processed locally and is not uploaded.

About this Tool

Use this free online AES encrypt and decrypt tool to encrypt text locally in your browser with AES-GCM and a password-derived key. The tool derives the key with PBKDF2, creates a fresh random salt and IV, and returns a portable Base64 JSON package. AES-GCM provides authenticated encryption, so decryption fails if the password is wrong or the package has been changed. Keep the password separate from the ciphertext, and do not rely on this tool as a full secret-management system.

Examples

  • Encrypt a private note with a password
  • Decrypt the AES-GCM package with the same password
  • Store an encrypted text blob locally
  • Share ciphertext and keep the password separate
  • Decrypt fails when the password is wrong
  • Decrypt fails when ciphertext is modified
  • Unicode text such as ÄÖÜ € 😀 can be encrypted and decrypted
  • The output package contains salt, IV and ciphertext

Frequently Asked Questions

What does AES-GCM mean?

AES is a widely used symmetric encryption algorithm, and GCM is an authenticated encryption mode. AES-GCM encrypts the text and also detects many types of tampering during decryption.

Is AES encryption done in my browser?

Yes. This tool is designed for browser-only encryption. The plaintext, password, salt, IV, and ciphertext are handled locally in your browser.

What is PBKDF2 used for?

PBKDF2 derives an encryption key from your password and a random salt. This makes password guessing more expensive than using the raw password directly as a key.

Why are salt and IV included in the output?

The salt is needed to derive the same key from the password, and the IV is needed for AES-GCM decryption. They must be stored with the ciphertext so the package can be decrypted later.

Are salt and IV secret?

No. Salt and IV values are not passwords and do not need to be hidden, but they should be unique for each encryption. The password is the secret value you must protect.

Can I decrypt without the password?

No. The password is required to derive the decryption key. If the password is lost, the encrypted text cannot be decrypted by this tool.

What happens if the encrypted package is modified?

AES-GCM authentication should cause decryption to fail when the ciphertext, IV, salt, or authentication data has been changed. The tool reports a clean error instead of returning untrusted plaintext.

Is this the same as hashing?

No. Encryption is reversible with the correct password. Hashing is one-way and is used for checksums, password verification, and fingerprints where the original text should not be recovered.

Can I encrypt files with this tool?

This tool is focused on text input and text package output. For large files or production workflows, use a dedicated file encryption tool with clear storage, backup, and key-management practices.

Should I paste highly sensitive production secrets into browser tools?

Be careful. This tool is designed to run locally in the browser, but production secrets often require audited workflows, controlled devices, access logs, and organization-approved security tooling.

Related Tools