AES Encryption – Encrypt & Decrypt Online

Password-based AES-GCM encryption in your browser.
Encryption happens locally in your browser via Web Crypto — your text and password are never uploaded.

About AES Encryption – Encrypt & Decrypt Online

This free AES encrypt / decrypt tool protects text with a password, entirely in your browser. It uses AES-GCM — an authenticated cipher that both encrypts and detects tampering — with a 256-bit key derived from your password using PBKDF2 (SHA-256, 100,000 iterations). The result is a single self-contained Base64 blob that bundles the random salt, nonce, and ciphertext, so you only need the blob and the password to get your text back.

Use it to share a secret, store a small encrypted note, or test AES-GCM payloads. Because it runs on the Web Crypto API, your plaintext and password never leave the device — there's no upload, no server, and it works fully offline.

Features

  • AES-GCM 256-bit, authenticated (detects tampering)
  • Password-based key derivation with PBKDF2 / SHA-256
  • Self-contained Base64 output — salt + IV + ciphertext in one blob
  • Full UTF-8 support, including emoji and non-Latin text
  • Runs locally via Web Crypto — nothing is uploaded

How to use

  1. Choose Encrypt or Decrypt with the mode toggle.
  2. Paste your text (plaintext to encrypt, or a Base64 blob to decrypt).
  3. Enter a password — the same one is required to decrypt later.
  4. Copy the resulting blob (or recovered plaintext) with the copy button.

Frequently asked questions

Is this encryption secure?

It uses AES-GCM with a 256-bit key and PBKDF2 (100,000 SHA-256 iterations) with a random per-message salt — strong, standard primitives. Security ultimately depends on your password: a long, unique passphrase is essential, since a weak one can be brute-forced offline.

What does the encrypted output contain?

A single Base64 blob that packs the random 16-byte salt, the 12-byte AES-GCM nonce, and the ciphertext plus its authentication tag. Both the salt and nonce are random for every message, so encrypting the same text twice yields different output.

Why does decryption fail?

Decryption fails on a wrong password, a corrupted or truncated blob, or any tampering. AES-GCM is authenticated, so even a single changed byte is rejected rather than returning garbage — the tool surfaces this as a clear error.
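The blob format and the failure behaviour described in the two answers above can be reproduced with the Web Crypto API. This is an added example, not the tool's own source; it assumes the parts are concatenated in the order salt, nonce, ciphertext plus tag, and the function names are hypothetical.

```javascript
// Added example, not the tool's source. Assumed layout: salt(16) || nonce(12) || ciphertext+tag.
const SALT_LEN = 16, NONCE_LEN = 12, ITERATIONS = 100000;

// Browsers and recent Node expose globalThis.crypto; older Node needs the import.
const getCrypto = async () => globalThis.crypto ?? (await import('node:crypto')).webcrypto;

// PBKDF2 (SHA-256, 100,000 iterations) -> 256-bit AES-GCM key.
async function deriveKey(password, salt) {
  const { subtle } = await getCrypto();
  const material = await subtle.importKey(
    'raw', new TextEncoder().encode(password), 'PBKDF2', false, ['deriveKey']);
  return subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations: ITERATIONS },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

async function encryptText(plaintext, password) {
  const c = await getCrypto();
  // Fresh random salt and nonce per message, so equal inputs give different blobs.
  const salt = c.getRandomValues(new Uint8Array(SALT_LEN));
  const nonce = c.getRandomValues(new Uint8Array(NONCE_LEN));
  const key = await deriveKey(password, salt);
  const ct = new Uint8Array(await c.subtle.encrypt(
    { name: 'AES-GCM', iv: nonce }, key, new TextEncoder().encode(plaintext)));
  const blob = new Uint8Array(SALT_LEN + NONCE_LEN + ct.length);
  blob.set(salt, 0); blob.set(nonce, SALT_LEN); blob.set(ct, SALT_LEN + NONCE_LEN);
  return btoa(String.fromCharCode(...blob));
}

async function decryptText(b64, password) {
  const c = await getCrypto();
  const blob = Uint8Array.from(atob(b64), ch => ch.charCodeAt(0));
  // Shortest valid blob: salt + nonce + 16-byte GCM tag (empty plaintext).
  if (blob.length < SALT_LEN + NONCE_LEN + 16) throw new Error('blob too short');
  const salt = blob.subarray(0, SALT_LEN);
  const nonce = blob.subarray(SALT_LEN, SALT_LEN + NONCE_LEN);
  const key = await deriveKey(password, salt);
  // subtle.decrypt rejects (OperationError) on a wrong password or any modified byte.
  const pt = await c.subtle.decrypt(
    { name: 'AES-GCM', iv: nonce }, key, blob.subarray(SALT_LEN + NONCE_LEN));
  return new TextDecoder().decode(pt);
}
```

A wrong password and a tampered blob both surface as the same rejected promise from `subtle.decrypt`, so a caller cannot tell the two causes apart from the error alone.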

Does my data get uploaded anywhere?

No. All encryption and decryption happen locally in your browser through the Web Crypto API. Your text and password are never sent over the network and the tool works completely offline.

How is this different from hashing?

Encryption is reversible — with the password you can recover the original text. A hash (like SHA-256) is one-way and cannot be reversed. Use AES to protect data you need back later, and a hash for fingerprints and integrity checks.
