KitMul MarkKitMul Text

Encrypt and Decrypt with AES

Encrypt and decrypt text using AES-CBC or AES-GCM directly in your browser with the Web Crypto API.

The AES Encryption tool lets you encrypt plaintext into ciphertext and decrypt it back using the Advanced Encryption Standard. Choose between AES-CBC and AES-GCM modes, provide or generate a 128/192/256-bit key and initialization vector, and process data entirely in your browser with zero server interaction.

Loading...
Your data stays in your browser
Tutorial

How to Use

1
1

Choose algorithm and operation

Select AES-GCM or AES-CBC mode and toggle between encrypt and decrypt depending on your task.

2
2

Provide or generate key and IV

Enter a hex-encoded encryption key and initialization vector, or click the generate buttons to create cryptographically secure random values.

3
3

Process and copy the result

Enter your plaintext or Base64-encoded ciphertext, click the process button, and copy the output to your clipboard.

Guide

Complete Guide to AES Encryption

Understanding AES

The Advanced Encryption Standard (AES) was established by the U.S. National Institute of Standards and Technology (NIST) in 2001 after a five-year selection process. It replaced the aging Data Encryption Standard (DES) and is based on the Rijndael cipher designed by Belgian cryptographers Joan Daemen and Vincent Rijmen. AES operates on fixed 128-bit blocks and supports key lengths of 128, 192, and 256 bits.

Block Cipher Modes of Operation

AES by itself only encrypts a single 128-bit block. To handle messages of arbitrary length, a mode of operation is needed. CBC (Cipher Block Chaining) XORs each plaintext block with the previous ciphertext block before encryption, creating a chain. GCM (Galois/Counter Mode) uses counter-based encryption with a Galois field multiplication for authentication, providing both confidentiality and integrity without needing a separate HMAC step.

Key Management Best Practices

The security of AES depends entirely on keeping the key secret and using it correctly. Never reuse an IV with the same key; for AES-GCM this is catastrophic as it can leak the authentication key. Generate keys using a cryptographically secure random number generator. Store keys separately from encrypted data, ideally in a hardware security module (HSM) or a dedicated key management service.

AES in Modern Applications

AES is ubiquitous in modern computing. TLS/SSL uses AES-GCM as its preferred cipher suite for HTTPS connections. Full-disk encryption tools like BitLocker and FileVault rely on AES-XTS. Password managers use AES-256 to protect credential vaults. Cloud storage services encrypt data at rest with AES. Wi-Fi networks secured with WPA2 and WPA3 use AES-CCMP for frame encryption.

Sources

Examples

Worked Examples

Encrypting a message with AES-GCM

Given: plaintext 'Hello World', a 256-bit key, AES-GCM mode, and a 12-byte IV

1

Step 1: Generate a 256-bit key (64 hex characters) and a 12-byte IV (24 hex characters) using the generate buttons

2

Step 2: Enter 'Hello World' in the input field with Encrypt mode selected

3

Step 3: Click Encrypt to produce a Base64-encoded ciphertext with the GCM authentication tag appended

Result: A Base64 string such as 'dGhpcyBpcyBhIGRlbW8...' is produced. The same key and IV are needed to decrypt it.

Decrypting a Base64 ciphertext with AES-CBC

Given: a Base64 ciphertext, the original 256-bit key, and the 16-byte IV used during encryption

1

Step 1: Switch to Decrypt mode and select AES-CBC as the algorithm

2

Step 2: Paste the Base64-encoded ciphertext into the input field and enter the hex key and IV

Result: The original plaintext is recovered and displayed in the output area.

Use Cases

Use Cases

Encrypting sensitive configuration values

Encrypt API keys, database passwords, or other secrets before storing them in configuration files or environment variables, then decrypt them when needed for deployment.

Learning symmetric encryption

Experiment with AES-CBC and AES-GCM modes side by side to understand how different block cipher modes of operation work, how IVs affect output, and why authenticated encryption matters.

Verifying encryption implementations

Cross-check the output of your own AES implementation in any programming language against this tool to ensure your code produces correct ciphertext and successfully decrypts it.

Frequently Asked Questions

?What is AES encryption?

AES (Advanced Encryption Standard) is a symmetric block cipher adopted by the U.S. government. It encrypts data in 128-bit blocks using keys of 128, 192, or 256 bits and is widely considered the gold standard for symmetric encryption.

?What is the difference between AES-CBC and AES-GCM?

AES-CBC (Cipher Block Chaining) encrypts each block using the previous ciphertext block, requiring separate authentication. AES-GCM (Galois/Counter Mode) combines encryption with built-in authentication, providing both confidentiality and integrity in one operation.

?What key sizes does this tool support?

This tool supports 128-bit (32 hex chars), 192-bit (48 hex chars), and 256-bit (64 hex chars) keys. The generate button creates a 256-bit key by default for maximum security.

?Why do I need an initialization vector (IV)?

An IV ensures that encrypting the same plaintext with the same key produces different ciphertext each time. This prevents attackers from detecting patterns. Always use a unique, random IV for each encryption operation.

?Can I decrypt data encrypted by another tool or library?

Yes, as long as the other tool used the same AES mode, key, and IV. The ciphertext must be provided as a Base64 string. For AES-GCM, the authentication tag must be appended to the ciphertext as the Web Crypto API expects.

?Is my data private when using this tool?

Yes. All encryption and decryption happens locally in your browser using the Web Crypto API. No data, keys, or ciphertext are ever sent to any server.

?Is this tool free to use?

Yes, it is completely free with no usage limits. Encrypt and decrypt as many times as you need without any restrictions.

Related Tools

Caesar Cipher

Encrypt and decrypt text using the Caesar cipher with a customizable shift value.

Try Tool

Vigenere Cipher

Encrypt and decrypt text using the Vigenere cipher with a keyword.

Try Tool

Password Strength Tester

Test and analyze the strength of any password with entropy calculation and detailed feedback.

Try Tool
Help us improve

How do you like this tool?

Every tool on Kitmul is built from real user requests. Your rating and suggestions help us fix bugs, add missing features and build the tools you actually need.

Rate this tool

Tap a star to tell us how useful this tool was for you.

Suggest an improvement or report a bug

Missing a feature? Found a bug? Have an idea? Tell us and we'll look into it.

Recommended Reading

Recommended Books on Cryptography & Security

Real-World Cryptography

Real-World Cryptography

David Wong

Post-Quantum Cryptography

Post-Quantum Cryptography

Daniel J. Bernstein

Applied Cryptography and Network Security

Applied Cryptography and Network Security

Jooyoung Lee

As an Amazon Associate we earn from qualifying purchases.

Boost Your Capabilities

Recommended Products for Security Professionals

YubiKey 5 NFC - USB-A Security Key

YubiKey 5 NFC - USB-A Security Key

Yubico

Apricorn Aegis Secure Key 3NX - FIPS 140-2 Level 3 Encrypted Flash Drive

Apricorn Aegis Secure Key 3NX - FIPS 140-2 Level 3 Encrypted Flash Drive

Apricorn

Kingston IronKey Vault Privacy 50 Encrypted USB Flash Drive

Kingston IronKey Vault Privacy 50 Encrypted USB Flash Drive

Kingston

As an Amazon Associate we earn from qualifying purchases.

Newsletter

Get Free Productivity Tips & New Tools First

Join makers and developers who care about privacy. Every issue: new tool drops, productivity hacks, and insider updates — no spam, ever.

Priority access to new tools
Unsubscribe anytime, no questions asked