AES-GCM Encrypt & Decrypt
Industry-standard authenticated encryption (AEAD) with AES in GCM mode. This tool does both encrypt and decrypt on one page — pick a mode, paste your data, and click. Everything runs on your device, nothing is sent to a server.
The key is derived from this password via PBKDF2 (200k iterations). Must match to decrypt.
Everything runs in your browser. Your data is never sent to our servers.
Example
Example Input
Secret message
Example Output
k3J9…(Base64 ciphertext)
How to Use
- 1Choose Encrypt or Decrypt mode at the top.
- 2Fill the Input field and, if required, complete the fields in "More settings" (key/password).
- 3Click the button (or press Ctrl+Enter) to process.
- 4Copy the result with the Copy button.
About AES-GCM
AES-GCM is an authenticated encryption (AEAD) mode: besides keeping data secret, it detects if the ciphertext was tampered with. It is the most recommended AES mode for modern apps (TLS, storage, APIs).
This tool derives an AES key from your password using PBKDF2 (200,000 iterations, SHA-256) and a random salt. The random salt and IV are prepended to the ciphertext and Base64-encoded, so decryption only needs the same password.
Use a strong password. Because GCM is authenticated, decryption fails if the password is wrong or the data is corrupted — which is the desired, safe behavior.
FAQ
Are my data or keys sent to a server?
No. AES-GCM runs entirely in your browser using the Web Crypto API and client-side libraries. Your data, passwords, and keys never leave your device.