Free Online AES Encrypt / Decrypt Tool

An AES encrypt/decrypt tool transforms plaintext to authenticated ciphertext and back using AES-256-GCM per FIPS 197, with a key derived from a passphrase via PBKDF2.

Your data is processed entirely in your browser and never sent to any server.

Instant results 100% private No signup needed
Educational use only. AES-256-GCM with PBKDF2 is strong, but real secret management needs proper key infrastructure (a KMS, password manager or HSM). Never paste live secrets into any browser tool.

How to Use This Tool

  1. Pick Encrypt or Decrypt using the buttons at the top.
  2. Enter your passphrase — long passphrases are far stronger than short complex ones.
  3. Paste the plaintext (encrypt mode) or the Base64 ciphertext blob (decrypt mode) into the input.
  4. Click Encrypt or Decrypt. Copy the result with the Copy output button.

What Is an AES Encrypt / Decrypt?

AES (Advanced Encryption Standard, FIPS 197) is the symmetric block cipher that protects data at rest and in transit across virtually all modern systems — TLS 1.3, full-disk encryption (BitLocker, FileVault, LUKS), password managers, and end-to-end messaging apps. This tool uses AES-256 in Galois/Counter Mode (GCM), which adds a 128-bit authentication tag so any tampering with the ciphertext is detected on decrypt.

Because AES requires a fixed-size key, your passphrase is stretched through PBKDF2-HMAC-SHA256 with 100,000 iterations and a random 16-byte salt to derive a 256-bit key. The output blob packs the salt, the random 12-byte IV, the ciphertext and the GCM authentication tag together as Base64 — share that blob and the passphrase out-of-band with whoever needs to decrypt.

This is an educational and quick-use tool, not a key-management system. Real secrets belong in a KMS, an HSM, or an audited password manager. Do not paste production keys or live customer data into any browser tool, including this one.

Frequently Asked Questions

What key size is used?
AES-256-GCM. The 256-bit key is derived from your passphrase using PBKDF2-HMAC-SHA256 with 100,000 iterations and a random salt.
What does the output contain?
Base64 of: salt (16 bytes) || IV (12 bytes) || ciphertext+tag. You only need the passphrase and this blob to decrypt.
Should I use this for real secrets?
No. Use it for testing, demos and learning. Production secret management needs a proper KMS or password manager, not a browser tool.

Published by the WeGotEveryTool team. We build and test every tool in-house and update pages when the underlying spec, formula, or recommendation changes.

Reviewed: May 2026. Disclaimer: this tool is provided as-is for general informational use. For decisions with material consequences (medical, legal, financial, security) verify results against a qualified professional source.

Related Encryption & Security

HMAC Generator

Generate HMAC (keyed-hash MAC). Verify integrity and authenticity with a shared secret key.

JWT Generator

Create signed JWT tokens with HS256, HS384 or HS512. Counterpart to the JWT decoder.

Secure Password Generator

Generate cryptographically random passwords with entropy display and custom symbol sets.

Diceware Passphrase Generator

Generate Diceware-style passphrases. Memorable multi-word passwords with configurable length and separators.

API Key Generator

Generate cryptographically random API keys. Hex, Base64, Base62 or alphanumeric with optional prefix.

You Might Also Like

Base64 Encoder

Developer Tools