AES Encrypt Online
Encrypt any text with AES (Advanced Encryption Standard) directly in your browser. Supports AES-GCM (authenticated encryption), AES-CBC, and AES-CTR with 128, 192, or 256-bit keys. A random IV is generated automatically. All processing is client-side — your data never leaves your device.
AES Mode Comparison
| Mode | Authentication | IV Size | Recommended For |
|---|---|---|---|
| AES-GCM | ✅ Built-in (auth tag) | 12 bytes | New systems, TLS 1.3, APIs |
| AES-CBC | ❌ Needs separate HMAC | 16 bytes | Legacy compatibility |
| AES-CTR | ❌ Needs separate MAC | 16 bytes | Streaming, random access |
Key Size Comparison
- AES-128: Secure — no known practical attacks; fast and widely used
- AES-192: Rarely used in practice; slightly more secure than 128
- AES-256: Recommended for high-security applications and long-term data; required by some compliance standards (FIPS 140-2 Level 3, NSA Suite B)
How the Output Formats Work
- IV: The random initialization vector — must be saved alongside the ciphertext for decryption
- Ciphertext: The encrypted data (for AES-GCM, includes the 16-byte authentication tag at the end)
- Combined: IV prepended to ciphertext in a single string — the easiest way to pass everything to the decryptor
AES vs RSA: When to Use Each
- AES (symmetric): Same key for encrypt and decrypt — fast, can encrypt any amount of data, requires a secure way to share the key
- RSA (asymmetric): Different keys — public to encrypt, private to decrypt; slow, limited data size; no key-sharing problem
- Hybrid encryption: The standard in practice — use RSA to securely send an AES key, then encrypt the actual data with AES
Frequently Asked Questions
Which AES mode should I use — GCM, CBC, or CTR?
AES-GCM is the recommended default for new systems. It provides authenticated encryption (confidentiality + integrity in one pass), is parallelisable, and is required by TLS 1.3. AES-CBC is widely used in legacy systems (TLS 1.2, disk encryption) but requires a separate integrity check (HMAC) to prevent tampering. AES-CTR turns AES into a stream cipher — fast and flexible but also lacks built-in integrity. Use AES-GCM unless you have a specific reason to choose otherwise.
What key size should I use?
AES-256 is the strongest and is recommended for new systems — it provides an extra security margin against future attacks (including potential quantum computers with Grover's algorithm). AES-128 is currently considered secure and is sufficient for most applications. AES-192 is rarely used. The performance difference between 128 and 256-bit is negligible on modern hardware.
What is the IV (Initialization Vector)?
The IV (or nonce for GCM) is a random value used to ensure that the same plaintext encrypted twice produces different ciphertexts. It does not need to be secret — it is typically transmitted alongside the ciphertext. For AES-GCM, the IV must be exactly 12 bytes (96 bits). For AES-CBC and AES-CTR, it is 16 bytes (128 bits). The IV must be unique for each encryption with the same key — reusing an IV with the same key is a critical security vulnerability.
Is AES encryption reversible?
Yes, AES is a symmetric cipher — with the correct key, the original plaintext can be recovered exactly. This is unlike hashing, which is one-way. The security guarantee is that without the key, decryption is computationally infeasible (no known attacks against AES-128/256 that are faster than brute force).
What is the "combined" output format?
The combined output is the IV and ciphertext concatenated into a single string: base64(IV || ciphertext). This is a common convention that bundles everything the decryptor needs into one field. The AES Decrypt tool can automatically split this back into IV and ciphertext when you select "Combined" mode. The IV is always the first 12 bytes (GCM) or 16 bytes (CBC/CTR).
What is the difference between AES-GCM and AES-CBC with HMAC?
AES-GCM provides both encryption and authentication in a single operation — the authentication tag (appended to the ciphertext) verifies that the data has not been tampered with. AES-CBC alone only provides confidentiality; to get integrity you must add a separate HMAC, which introduces the "encrypt-then-MAC" vs "MAC-then-encrypt" choice (a common source of vulnerabilities). AES-GCM avoids this complexity and is generally preferred.
How do I use this with Node.js or Python?
The output format is standard. For Node.js: use crypto.createDecipheriv("aes-256-gcm", keyBuffer, ivBuffer). For Python: from cryptography.hazmat.primitives.ciphers.aead import AESGCM. The key is the raw hex bytes, the IV is the first 12 bytes (GCM) or 16 bytes (CBC/CTR), and the ciphertext is the remaining bytes. For AES-GCM, the auth tag is the last 16 bytes of the ciphertext buffer.