AES-256 encrypt and decrypt online — GCM mode, PBKDF2 passphrase, client-side Web Crypto

Use this free AES encryption tool to turn UTF-8 text into a single-line authenticated ciphertext bundle using AES-256-GCM and a passphrase stretched with PBKDF2-HMAC-SHA256. The same page decrypts AES ciphertext produced here: paste the v1: string, enter your passphrase, and recover the original message. Copy output uses the copy icon; Upload file uses the upload icon to load UTF-8 text from disk. Everything runs in your browser via the Web Crypto API—ideal for learning symmetric encryption, API mocks, and local experiments. Pair this workflow with the hash generator for checksums, the HMAC generator for keyed digests, and the password strength meter when you tune passphrases. Browse every security and encryption tool from the home page.

Uses AES-256-GCM with a random 12-byte IV and PBKDF2-HMAC-SHA256. The v1 bundle encodes salt, iteration count, IV, and ciphertext—do not modify it. For large files, prefer encrypting a file locally with age or gpg; this UI is for text-sized payloads.

What is AES-256-GCM and why use it for text encryption?

AES (Advanced Encryption Standard) with a 256-bit key is the symmetric algorithm most production systems rely on for bulk data protection. In GCM mode, each message uses a fresh random IV (nonce) and produces an authentication tag so ciphertext cannot be tampered with silently. That combination—confidentiality plus integrity—is what people mean by "authenticated encryption" in modern TLS and application crypto. This page targets searches like AES encrypt online, AES-256 decrypt text, and browser Web Crypto AES example while keeping keys derived from a passphrase you type, not from a pre-shared binary key file.

Passphrases are rarely 32 bytes of entropy on their own, so this tool applies PBKDF2 with SHA-256, a random 128-bit salt, and a configurable iteration count. The salt and iteration count travel inside the v1 bundle, so decryption only needs the passphrase and the pasted line—no separate metadata file. For password storage (logins), prefer dedicated password hashes such as bcrypt; use AES when you need to recover the original secret later, which is why teams still look for an AES encrypt decrypt workflow for documents, tokens at rest in dev environments, or teaching materials.

How to use this AES encrypt and decrypt tool (step by step)

  1. Open the Encrypt tab, enter a strong passphrase, and set PBKDF2 iterations (default 150,000). Higher iterations slow down brute-force guessing but take longer on low-end devices.
  2. Paste UTF-8 plaintext or click Upload file (upload icon) to load a .txt or UTF-8 file. Click Encrypt; the ciphertext appears as one line beginning with v1:.
  3. Use Copy output (copy icon) to store the bundle in a note, ticket, or config slot. Do not trim or edit the string—whitespace inside Base64 matters once you normalize line breaks.
  4. To decrypt, switch to Decrypt, paste the full v1: line, type the same passphrase, and click Decrypt. The iteration count is read from the bundle, so you do not re-enter it. Copy recovered plaintext with the same copy control.
  5. When something fails, verify the passphrase, ensure the bundle is complete, and cross-check related workflows: Base64 encode/decode if another system wrapped the payload differently, or the JWT encoder if you are mixing token formats.

Security notes for developers and students

Treat this page as a learning and testing utility, not a replacement for audited key management, HSMs, or regulated controls. Side-channel resistance, secure memory, and update policies differ between browsers and native code. If you ship production features, use well-maintained libraries in your stack, store secrets in vaults or KMS, and rotate keys on a schedule. For transport security you still rely on TLS; this tool addresses symmetric encryption of content at rest or in copy-paste workflows, not HTTPS itself. When you evaluate how strong a passphrase is before trusting it here, run it through the password strength meter and read the guidance on length and character sets.

Related security and developer tools

More from the security and encryption tools section:

  • Password Strength Meter: Score password entropy, estimate crack time, and get practical hardening tips.
  • bcrypt Hash Generator: Generate bcrypt hashes with configurable cost for secure password storage testing.
  • RSA Key Pair Generator: Create 1024–4096 bit RSA public/private key pairs locally for demos and dev workflows.
  • CSP Builder: Toggle Content-Security-Policy directives and copy a header value ready for your server.
  • Security Headers Checker: Analyze security-related HTTP headers on any URL with graded guidance to harden responses.
  • JWT Encoder: Build HS256-signed JWTs from custom header and payload for API and auth testing.
  • HMAC Generator: Create HMAC-SHA256 or HMAC-SHA512 signatures with a secret for webhook and API verification.
  • SSL Certificate Decoder: Paste PEM certificates to read subject, issuer, SANs, and validity windows.
  • .htaccess Generator: Assemble common Apache .htaccess rules for redirects, HTTPS, caching, and access control.

Frequently asked questions

What does this AES encrypt and decrypt tool do in the browser?
You enter a passphrase and optional PBKDF2 iteration count, then encrypt UTF-8 text into a single-line ciphertext bundle using AES-256 in GCM mode with a random salt and IV. Decrypt reverses the process using the Web Crypto API. The iteration count is embedded in the bundle so you do not have to remember it when decrypting.
Is my passphrase or message sent to your servers?
No. Key derivation, encryption, and decryption run entirely in your browser tab after the page loads. Nothing is uploaded to this site for this tool.
Why AES-256-GCM and PBKDF2?
AES-256-GCM provides authenticated encryption: tampering is detected when decrypting. PBKDF2 with SHA-256 stretches a human passphrase into a strong 256-bit key and uses a random salt so identical passphrases do not produce identical keys.
What is inside the v1: ciphertext string?
The bundle is version 1, then Base64 of: 16-byte salt, 4-byte iteration count, 12-byte AES-GCM IV, and the ciphertext (which includes the authentication tag). Do not edit the string by hand.
Can I use this for production secrets or regulated data?
This page is aimed at developers learning formats and testing locally. Production systems should use vetted libraries, secure key management, threat modeling, and compliance review—not a generic browser demo.
Why does decryption fail with an error?
Usually the passphrase differs, whitespace was trimmed incorrectly, the bundle was corrupted, or the string was not produced by this tool. GCM also fails if ciphertext was altered.
How does this relate to password hashing or JWT signing?
Encryption hides data with a key; password storage normally uses one-way hashes like bcrypt. JWTs are often signed (HMAC or RSA), not AES-encrypted in the same way. Use the right primitive for each job.
Which other tools pair with AES testing?
Use the hash generator for checksums, Base64 tools for transport encoding, the HMAC generator for symmetric signatures, the JWT encoder for token experiments, and the password strength meter when evaluating passphrases.
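
The v1 bundle layout from the FAQ and the encrypt/decrypt steps above, as an added Web Crypto example that is not this tool's own code. The function names, the big-endian iteration count, the standard Base64 alphabet and the `MIN_ITER`/`MAX_ITER` bounds are assumptions, so bundles from this sketch are not guaranteed to interoperate with the tool; the bounds check is included because the iteration count is read from the pasted string before anything has been authenticated.

```javascript
// Added example: Web Crypto sketch of the v1 bundle layout described on this page.
// Assumptions (not stated on the page): big-endian iteration count, standard Base64.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const MIN_ITER = 100000, MAX_ITER = 5000000; // hypothetical policy bounds

const toB64 = (u8) => btoa(String.fromCharCode(...u8)); // fine for text-sized payloads
const fromB64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));

async function deriveKey(passphrase, salt, iterations) {
  const material = await wc.subtle.importKey(
    'raw', new TextEncoder().encode(passphrase), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations }, material,
    { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

async function encryptV1(passphrase, text, iterations = 150000) {
  const salt = wc.getRandomValues(new Uint8Array(16)); // fresh per message
  const iv = wc.getRandomValues(new Uint8Array(12));   // fresh per message
  const key = await deriveKey(passphrase, salt, iterations);
  const ct = new Uint8Array(await wc.subtle.encrypt(
    { name: 'AES-GCM', iv }, key, new TextEncoder().encode(text)));
  const out = new Uint8Array(32 + ct.length);
  out.set(salt, 0);
  new DataView(out.buffer).setUint32(16, iterations); // big-endian by default
  out.set(iv, 20);
  out.set(ct, 32); // ciphertext with the 16-byte GCM tag appended
  return 'v1:' + toB64(out);
}

function parseV1(bundle) {
  if (!bundle.startsWith('v1:')) throw new Error('unsupported bundle version');
  const raw = fromB64(bundle.slice(3));
  // 16 salt + 4 count + 12 IV + at least the 16-byte GCM tag
  if (raw.length < 48) throw new Error('bundle truncated');
  const iterations = new DataView(raw.buffer).getUint32(16);
  // The count comes from untrusted input: bound it before running PBKDF2.
  if (iterations < MIN_ITER || iterations > MAX_ITER) throw new Error('iteration count out of range');
  return { salt: raw.slice(0, 16), iterations, iv: raw.slice(20, 32), ct: raw.slice(32) };
}

async function decryptV1(passphrase, bundle) {
  const { salt, iterations, iv, ct } = parseV1(bundle);
  const key = await deriveKey(passphrase, salt, iterations);
  // Rejects with OperationError on a wrong passphrase or any altered byte.
  const pt = await wc.subtle.decrypt({ name: 'AES-GCM', iv }, key, ct);
  return new TextDecoder().decode(pt);
}
```

A failed `decryptV1` does not distinguish a wrong passphrase from a modified bundle, which matches the failure causes listed in the FAQ.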