Free AES Encrypt Decrypt (Web Crypto) | Cryptography Tool

AES Encrypt Decrypt (Web Crypto)

Text to encryptKey (32 chars)

🔒 Privacy Protected

Your data is processed locally and never sent to any server.

FAQ

Keywords

aes encrypt decrypt (web crypto)devlocal processingprivacyfree online tool

How it works

AES (Advanced Encryption Standard) is the world's most widely deployed symmetric cipher, standardized by NIST in 2001 and used in TLS, disk encryption, file storage, and secure messaging. This tool uses the browser's native Web Crypto API — cryptographic operations execute in a sandboxed C++ engine, not JavaScript, and your plaintext never leaves your device.

**AES-GCM vs AES-CBC** AES-GCM (Galois/Counter Mode) is authenticated encryption — it produces a 128-bit authentication tag that detects any tampering with the ciphertext. AES-CBC (Cipher Block Chaining) provides confidentiality only; without an additional HMAC the ciphertext is malleable. For new applications, always prefer AES-GCM. The IV (initialization vector) must be unique per encryption operation — reusing an IV with the same key is catastrophic in GCM (it exposes the key stream) and dangerous in CBC (it leaks whether two messages share a common prefix).

**Key sizes and security** AES-128 is computationally secure against brute-force through at least 2080. AES-256 provides additional margin against theoretical quantum attacks (Grover's algorithm halves the effective key length, so AES-256 → 128-bit post-quantum security). For most applications, AES-128 is sufficient; AES-256 is required for classified government information (NSA Suite B).

**Password-based encryption** When deriving an AES key from a password, use PBKDF2, bcrypt, or Argon2 with a random 16-byte salt and at least 100,000 iterations. Never use raw SHA-256 of a password as an encryption key — it is trivially brute-forced with a GPU.

Frequently Asked Questions

What is the difference between AES-GCM and AES-CBC?

AES-GCM provides authenticated encryption — it produces a 128-bit authentication tag that detects any tampering with the ciphertext. AES-CBC provides confidentiality only; without an additional HMAC, the ciphertext is malleable and can be modified without detection. For new applications, always use AES-GCM. Also, reusing an IV with the same key in GCM mode is catastrophic — it exposes the key stream — so ensure every encryption uses a fresh random IV.

How should I derive an AES key from a password?

Use PBKDF2 with HMAC-SHA-256, a random 16-byte salt, and at least 100,000 iterations (NIST recommends 600,000 as of 2023). Never use a raw SHA-256 of a password as an AES key — a GPU can try billions of SHA-256 guesses per second. PBKDF2's iteration count forces each guess to require the same computational work as key derivation, making brute force ~100,000× more expensive.

Is AES-128 or AES-256 more secure?

Both are computationally secure for all foreseeable classical computing threats. AES-128 has no known practical attacks. AES-256 provides additional margin against theoretical quantum computers (Grover's algorithm halves the effective key length, so AES-256 retains 128-bit post-quantum security). For most applications, AES-128 is sufficient; AES-256 is required for US government classified information (NSA Suite B).

Does this tool send my data to a server?

No. All encryption and decryption runs in your browser using the Web Crypto API — a sandboxed C++ cryptographic engine built into the browser. Your plaintext, key, and ciphertext never leave your device. The Web Crypto API uses hardware entropy from the OS (equivalent to /dev/urandom) for IV generation.