AES Encryption Guide
Complete guide to AES encryption, modes, and secure implementation practices.
AES Encrypt / Decrypt Online — AES-256, GCM, CBC, CTR
AES-128 · AES-192 · AES-256 · GCM · CBC · CTR — PBKDF2 key derivation · 100% browser-side
AES-GCM
Authenticated encryption — tamper-proof. Recommended.
✅ Recommended
AES-CBC
Classic block cipher mode. PKCS7 padding. No auth tag.
AES-CTR
Stream cipher mode — no padding, fast. No auth tag.
PBKDF2 derives a 256-bit AES key — 100,000 SHA-256 iterations + random salt
⚠️ Save this for decryption!
⚠️ Save this for decryption!
🔒
Enter text + password to encrypt
AES-256-GCM recommended — authenticated + tamper-proof
Ctrl+Enter Encrypt Ctrl+L Clear Ctrl+S Download
AES Encrypt/Decrypt by CalcNation — symmetric encryption using AES-128/192/256 with GCM, CBC, and CTR modes. Password-based key derivation via PBKDF2 (100,000 iterations). All operations run 100% in your browser — nothing is ever uploaded or stored.
Frequently Asked Questions
What is AES encryption and how does it work?
AES (Advanced Encryption Standard) is a symmetric block cipher adopted by NIST in 2001. It encrypts data in 128-bit blocks using a 128, 192, or 256-bit key. AES-256 provides 2^256 possible keys — effectively unbreakable with current computing power. This tool uses PBKDF2 to derive a strong AES key from your passphrase.
What is the difference between AES-GCM, CBC, and CTR modes?
GCM (Galois/Counter Mode) is authenticated encryption — it encrypts and produces an authentication tag to detect tampering. Recommended for most uses. CBC (Cipher Block Chaining) is the classic mode with PKCS7 padding — widely compatible but no auth tag. CTR (Counter Mode) is a stream cipher variant — fastest, no padding, but no authentication.
Why do I need to save IV and Salt? What happens if I lose them?
The IV (Initialization Vector) and Salt are required for decryption — without them it is mathematically impossible to decrypt the ciphertext, even with the correct password. They do not need to be secret, just stored. Always save them alongside your encrypted data.
Is this AES tool safe for encrypting real passwords or sensitive data?
This tool is safe for learning and moderate-security use cases. It uses the browser Web Crypto API (native, audited implementation) with strong PBKDF2 key derivation. For production security systems handling highly sensitive data, always use server-side implementations with professional security audits.
What is PBKDF2 and why 100,000 iterations?
PBKDF2 (Password-Based Key Derivation Function 2) converts your human-readable passphrase into a strong cryptographic key using a random salt and repeated SHA-256 hashing. 100,000 iterations makes brute-force attacks computationally expensive — an attacker trying millions of passwords would need enormous time and resources.
Related Blog Articles
You might also like
Related Tools
Popular
JWT Decoder
Decode JWT tokens — header, payload, claims, expiry countdown & security warnings.
Popular
URL Parser
Parse any URL into protocol, host, path, query params, and fragment — live breakdown, encoder/decoder, cURL generator and diff.
Popular
SQL Formatter
Format, minify & validate SQL. Auto-detect dialect, AI explain & optimize, code snippet generator.
New
HTML → Markdown
Convert HTML to clean Markdown. Tables, code blocks, GitHub flavored.
Popular
Cron Builder
Visual cron builder + raw editor. Human text, next 20 runs, 24h timeline, code export for 5 platforms.
Explore Other Tools
🎨 Media
PDF Password
Protect PDF with AES-256 password. Remove existing passwords. Set permissions. Bulk 5 PDFs.
🌾 Farming
Land Area Converter
Vigha → Aekar (Acre) → Bigha → Guntha → Hectare. Gujarat state default. 7/12 Satbara format, multi-plot total, land price calculator.
💰 Finance
EMI Calculator
Loan EMI with pie chart, amortization & total interest breakdown.