AES Cipher

🔒 Runs entirely in your browser. Nothing is sent anywhere.

AES-256-GCM encryption with PBKDF2 key derivation. Encrypt and decrypt text with a password.

Test Data:

Plaintext

Password

AES-256-GCM · PBKDF2 key derivation (100,000 iterations, SHA-256) · Random salt + IV per encryption

How It Works

AES-256-GCM

Authenticated encryption using a 256-bit key in Galois/Counter Mode. GCM provides both confidentiality and integrity — tampering with the ciphertext is detected automatically. No padding oracle attacks are possible.

PBKDF2 Key Stretching

Your password is run through PBKDF2 with 100,000 SHA-256 iterations. This makes brute-force attacks computationally expensive — each password guess requires 100,000 hash operations.

Random Salt + IV

A fresh 16-byte salt and 12-byte IV are generated for every encryption. The same plaintext encrypted twice produces different ciphertext, preventing pattern analysis.

Base64 Output Format

The output encodes salt (16 bytes) + IV (12 bytes) + ciphertext as a single Base64 string. Everything needed to decrypt is bundled together.

Privacy: all encryption and decryption happens in your browser. Your plaintext and password are never sent to any server.