Which AES mode should I use — GCM, CBC, or CTR?

GCM is recommended: it uses a 12-byte IV and provides authenticated encryption, so tampering is detected automatically. CBC uses a 16-byte IV where each block is XORed with the previous ciphertext block. CTR uses a 16-byte counter/nonce and turns AES into a stream cipher — parallelizable with no padding needed.

Is AES encryption processed on the server?

No. All AES encryption and decryption runs entirely in your browser using the Web Crypto API. Your data is never sent to any server.

← Back to all tools

AES Encryption / Decryption

Advanced Encryption Standard — symmetric block cipher. All processing runs client-side.

ℹ

AES-GCM is recommended — it provides authenticated encryption (confidentiality + integrity). CBC and CTR are available for compatibility. Leave IV empty to auto-generate a secure random IV.

⚙

Settings

AES

Mode

Key Length

Output Format

Secret Key *

Format for key generation

IV / Nonce (optional)

GCM: 12 bytes (24 hex chars) · CBC/CTR: 16 bytes (32 hex chars)

ℹ

When encrypting: Leave blank — a secure random IV is auto-generated and prepended to the output.
When decrypting: Leave blank if IV is prepended to ciphertext, or enter the IV used during encryption.

📝

Input

Plaintext / Ciphertext *

0 chars

Output

Encrypted / decrypted result will appear here…

📖

About AES & IV

The IV (Initialization Vector) is a random value used to ensure that the same plaintext encrypted twice produces different ciphertexts. It does not need to be secret but must be unique per encryption. By default, CryptoWave auto-generates a secure random IV and prepends it to the output — so you only need one string to decrypt.

GCM 12-byte IV (nonce). Provides authenticated encryption — tampering is detected automatically.

CBC 16-byte IV. Each block XORed with the previous ciphertext block before encryption.

CTR 16-byte counter/nonce. Turns AES into a stream cipher — parallelizable and no padding needed.

🔒 Web Crypto API

✓ NIST FIPS 197

✓ Zero server transmission

❓

Frequently Asked Questions

Is AES encryption secure?

Yes. AES-256 is military-grade encryption used by governments and security agencies worldwide. It has no known practical attacks and is considered secure for the foreseeable future.

What mode should I use?

GCM (Galois/Counter Mode) is recommended for most use cases because it provides authenticated encryption — it both encrypts your data and verifies its integrity, protecting against tampering.

Are my keys stored anywhere?

No. Everything runs entirely in your browser. Your encryption keys, plaintext, and ciphertext are never stored, logged, or transmitted anywhere. Closing the page clears everything.

What is the difference between AES-128, AES-192, and AES-256?

The numbers refer to key length in bits. AES-256 uses a 256-bit key and is the most secure option. AES-128 is slightly faster and still considered secure for most applications. AES-192 is rarely used. For maximum security, choose AES-256.

Can I use AES to encrypt files?

This tool encrypts text strings. For file encryption, the same AES algorithm applies — the file's binary data is treated as the plaintext. Many file encryption tools (VeraCrypt, 7-Zip) use AES-256 under the hood.

What output format should I choose — Base64 or HEX?

Base64 is more compact and safe to embed in URLs, JSON, or HTML. HEX is more readable and commonly used in programming and debugging. Both encode the same binary data — choose based on how you plan to use the output.