ZeroUtil

AES Encrypt / Decrypt

Encrypt and decrypt text with AES-256-GCM and PBKDF2 key derivation, entirely in the browser.

Uses AES-256-GCM encryption with PBKDF2 key derivation (100,000 iterations). Everything runs in your browser — your data never leaves your device.

How to Use the AES Encrypt/Decrypt Tool

Switch between Encrypt and Decrypt tabs. To encrypt, enter your plaintext and a password, then click "Encrypt". The tool outputs a base64-encoded ciphertext. To decrypt, paste the encrypted base64 string with the same password and click "Decrypt" to recover the original text.

How It Works

  • Key Derivation — your password is converted to a 256-bit key using PBKDF2 with 100,000 iterations and a random salt
  • Encryption — AES-256-GCM (Galois/Counter Mode) encrypts the data with authenticated encryption
  • Output Format — the salt, initialization vector (IV), and ciphertext are combined and base64-encoded
  • Decryption — extracts the salt and IV from the ciphertext, re-derives the key, and decrypts

Why AES-GCM?

AES-GCM provides both confidentiality (encryption) and authenticity (tamper detection). If the ciphertext or password is wrong, decryption will fail rather than producing garbage output — this prevents silent data corruption.

Frequently Asked Questions

Is my data sent to a server?

No. All encryption and decryption happens in your browser using the Web Crypto API. Your plaintext, password, and ciphertext never leave your device.

How secure is this encryption?

Very secure. AES-256-GCM is the gold standard for symmetric encryption, used by governments and financial institutions. The key is derived using PBKDF2 with 100,000 iterations, making brute-force attacks on the password computationally expensive.

Can I decrypt on a different device?

Yes. Copy the encrypted base64 output and use the same password on any device with this tool. The salt and IV needed for decryption are embedded in the output.

What happens if I use the wrong password?

Decryption will fail with an error. AES-GCM provides authenticated encryption, meaning it can detect when the wrong password is used or the ciphertext has been tampered with.

Is there a size limit on the text I can encrypt?

There is no hard limit, but very large texts may be slow to process since everything runs in the browser. For files larger than a few megabytes, consider using a desktop encryption tool.

Ad

More Security & Privacy

Password Generator

Generate cryptographically secure random passwords with configurable length, character types and entropy display.

Open tool →

Password Strength Checker

Check password strength with entropy calculation, pattern detection and common password matching.

Open tool →

Security Hash Generator

Generate SHA-1, SHA-256, SHA-384 and SHA-512 hashes from text or files using the Web Crypto API.

Open tool →

TOTP Generator

Generate time-based one-time passwords (TOTP) from a base32 secret with live 30-second countdown.

Open tool →

CSP Header Generator

Build Content-Security-Policy headers with a visual form, presets and per-directive configuration.

Open tool →

RSA Key Generator

Generate RSA key pairs (2048 or 4096 bit) in PEM format using the Web Crypto API.

Open tool →