AES Encryption Online

AES-GCM-256 with PBKDF2 key derivation. Browser-native SubtleCrypto.

How it works

  1. Salt — 16 random bytes generated per encryption
  2. Key derivation — PBKDF2-SHA256, 100,000 iterations, password + salt → 256-bit key
  3. IV — 12 random bytes (the GCM standard)
  4. Encrypt — AES-GCM with the derived key and IV
  5. Output — base64-encode salt || iv || ciphertext as a single blob

Decryption reverses this: pull out the salt, derive the same key, pull out the IV, decrypt. GCM's authentication tag is automatically verified — tampered ciphertext fails to decrypt rather than silently producing garbage.

Cipher format compatibility

This tool's output format is not compatible with OpenSSL, age, or gpg — it's a simple custom layout. To share encrypted messages with people using other tools, agree on an established format first. This tool is best for: encrypting personal notes you'll decrypt later, sharing with someone you'll send a link / instructions to, or learning how AES-GCM works.

Privacy

Password, plaintext, and ciphertext all stay in your browser. SubtleCrypto runs the math locally.