← Back to all tools

AES Encryption / Decryption

Advanced Encryption Standard — symmetric block cipher. All processing runs client-side.

AES-GCM is recommended — it provides authenticated encryption (confidentiality + integrity). CBC and CTR are available for compatibility. Leave IV empty to auto-generate a secure random IV.
Settings
AES
Text is best for anycript.com; Hex/Base64 are raw key encodings
GCM: 12 chars / 24 hex chars · CBC/CTR: 16 chars / 32 hex chars
When encrypting: Leave blank — a secure random IV is auto-generated and prepended to the output.
When decrypting: Leave blank if IV is prepended to ciphertext, or enter the IV used during encryption.
📝
Input
0 chars
Output
Encrypted / decrypted result will appear here…
📖

About AES & IV

The IV (Initialization Vector) is a random value used to ensure that the same plaintext encrypted twice produces different ciphertexts. It does not need to be secret but must be unique per encryption. By default, CryptoWave auto-generates a secure random IV and prepends it to the output — so you only need one string to decrypt.

GCM 12-byte IV (nonce). Provides authenticated encryption — tampering is detected automatically.
CBC 16-byte IV. Each block XORed with the previous ciphertext block before encryption.
CTR 16-byte counter/nonce. Turns AES into a stream cipher — parallelizable and no padding needed.
🔒 Web Crypto API
✓ NIST FIPS 197
✓ Zero server transmission
⚙️

How AES Encryption Works

AES (Advanced Encryption Standard) is a symmetric block cipher that encrypts data in fixed 128-bit blocks using a secret key of 128, 192, or 256 bits. This tool runs entirely in your browser using the Web Crypto API — your key and data never leave your device.

AES-GCM is the recommended mode as it provides both encryption and authentication, detecting any tampering with the ciphertext. CBC and CTR modes are available for compatibility with legacy systems.

Common use cases

  • Encrypting sensitive notes or credentials before storing them
  • Sharing confidential text with a shared passphrase
  • Testing AES implementations and verifying cipher outputs
  • Learning how symmetric encryption works in practice

Frequently Asked Questions

Is AES encryption secure?
Yes. AES-256 is military-grade encryption used by governments and security agencies worldwide. It has no known practical attacks and is considered secure for the foreseeable future.
What mode should I use?
GCM (Galois/Counter Mode) is recommended for most use cases because it provides authenticated encryption — it both encrypts your data and verifies its integrity, protecting against tampering.
Are my keys stored anywhere?
No. Everything runs entirely in your browser. Your encryption keys, plaintext, and ciphertext are never stored, logged, or transmitted anywhere. Closing the page clears everything.
What is the difference between AES-128, AES-192, and AES-256?
The numbers refer to key length in bits. AES-256 uses a 256-bit key and is the most secure option. AES-128 is slightly faster and still considered secure for most applications. AES-192 is rarely used. For maximum security, choose AES-256.
Can I use AES to encrypt files?
This tool encrypts text strings. For file encryption, the same AES algorithm applies — the file's binary data is treated as the plaintext. Many file encryption tools (VeraCrypt, 7-Zip) use AES-256 under the hood.
What output format should I choose — Base64 or HEX?
Base64 is more compact and safe to embed in URLs, JSON, or HTML. HEX is more readable and commonly used in programming and debugging. Both encode the same binary data — choose based on how you plan to use the output.