AES (Advanced Encryption Standard) is the industry-standard symmetric encryption algorithm used worldwide to protect sensitive data. AES-GCM (Galois/Counter Mode) provides both confidentiality and authenticity in a single operation. This tool encrypts and decrypts text using AES-256-GCM entirely in your browser via the Web Crypto API - no data ever leaves your machine.
Encryption Process:
Decryption Process:
Security Notes
To encrypt: enter your plaintext message and a strong password or passphrase. The tool derives a 256-bit AES key from your password using PBKDF2 with a random salt and 100,000 iterations. Click 'Encrypt' to produce a Base64-encoded ciphertext that includes the salt, initialization vector (IV), and authentication tag. To decrypt: paste the encrypted output and enter the same password. The tool extracts the embedded salt and IV, re-derives the key, and decrypts the ciphertext. If the password is wrong or the data has been tampered with, decryption fails with an authentication error.
AES encryption is used for securely sharing sensitive information like passwords and API keys with colleagues, encrypting configuration files and environment variables before committing to version control, protecting personal notes and documents stored in cloud services, encrypting data before transmitting over insecure channels, creating self-contained encrypted messages for email or chat, and testing encryption workflows during application development without needing a backend server.
AES-GCM is an authenticated encryption mode that provides both confidentiality (encryption) and integrity (authentication tag). The tool uses the Web Crypto API (crypto.subtle) for all cryptographic operations, ensuring native performance and security. Key derivation uses PBKDF2 with SHA-256, a 16-byte random salt, and 100,000 iterations to convert the password into a 256-bit AES key. Each encryption generates a unique 12-byte initialization vector (IV). The output bundles salt + IV + ciphertext + auth tag into a single Base64 string for easy transport.
AES-GCM (Advanced Encryption Standard in Galois/Counter Mode) is an authenticated encryption algorithm that simultaneously encrypts data and produces an authentication tag. This means it protects both the confidentiality of your data and verifies that it has not been modified. AES-256-GCM uses a 256-bit key, providing 2^256 possible key combinations.
Yes, when using the Web Crypto API. This tool uses the browser's native crypto.subtle interface, which runs cryptographic operations in a secure, sandboxed environment. No data is transmitted to any server. However, always ensure you are using HTTPS and trust the website serving the tool.
There is no way to recover encrypted data without the original password. AES encryption is designed so that the ciphertext is computationally impossible to decrypt without the correct key. Always store your passwords securely using a password manager.
Convert images to Base64-encoded data URIs for embedding in HTML and CSS.
Escape HTML special characters or decode entities. Prevent XSS and display reserved characters safely.
Decode Base64 strings back to viewable and downloadable images.
Transform, format, generate, and encode data instantly. Private, fast, and always free.
Browse All Tools