🔒

AES-GCM Encryption Online — Authenticated Encryption Tool

AES-128 · AES-192 · AES-256 · GCM · CBC · CTR — PBKDF2 key derivation · 100% browser-side

Key
Out
AES-GCM
Authenticated encryption — tamper-proof. Recommended.
✅ Recommended
AES-CBC
Classic block cipher mode. PKCS7 padding. No auth tag.
AES-CTR
Stream cipher mode — no padding, fast. No auth tag.
PBKDF2 derives a 256-bit AES key — 100,000 SHA-256 iterations + random salt
⚠️ Save this for decryption!
⚠️ Save this for decryption!
🔒
Enter text + password to encrypt
AES-256-GCM recommended — authenticated + tamper-proof
Ctrl+Enter Encrypt   Ctrl+L Clear   Ctrl+S Download
📊 Your Stats
0operations
0 secondstime saved

⚙️ How It Works

1
Password → Key
PBKDF2 derives AES key from passphrase + salt (100K SHA-256 iterations)
2
Random IV
Unique IV ensures different ciphertext every time, even for same input
3
AES Encrypt
Browser Web Crypto API — native, audited, zero third-party libs
4
Base64 / Hex Out
Encrypted bytes encoded to readable, copy-pasteable format

🔄 Mode Comparison

ModeAuthSpeed
GCMFast
CBCFast
CTRFastest

💡 Security Tips

✅ Use GCM — detects tampering

✅ Use AES-256 for max security

✅ Use 12+ char passphrase

⚠️ Save IV + Salt — required to decrypt

⚠️ Never reuse same IV for different messages

🔒 No data leaves your browser — ever

🔒

AES-GCM (Galois/Counter Mode) combines AES encryption with a Galois Message Authentication Code. It not only encrypts your data but also ensures it hasn't been tampered with — making it the most secure AES mode for modern applications.

Frequently Asked Questions

What makes AES-GCM better than AES-CBC?

AES-GCM provides authenticated encryption — it produces an authentication tag (16 bytes) that verifies both data integrity and authenticity. If even a single bit of the ciphertext is changed, decryption will fail with an authentication error. AES-CBC has no such protection.

What IV size should I use for AES-GCM?

AES-GCM standard recommends a 96-bit (12-byte) IV. This tool automatically generates a random 12-byte IV. Never reuse the same IV with the same key — doing so completely breaks GCM's security guarantees.

What is the GCM authentication tag?

AES-GCM automatically appends a 128-bit (16-byte) authentication tag to the ciphertext. During decryption, the Web Crypto API verifies this tag before returning plaintext. If tampered, decryption throws an error.