AES Encrypt / Decrypt
Encrypt or decrypt text with AES-256-GCM and a passphrase, all in your browser.
AES-256-GCM, key derived with PBKDF2 (200k SHA-256 rounds). Encryption and decryption run entirely in your browser.
Ciphertext (Base64)
Frequently asked questions
How secure is this encryption?
It uses AES-256 in GCM mode — a modern, authenticated cipher — with the key derived from your passphrase via PBKDF2 using 200,000 SHA-256 iterations and a random salt. This is a genuinely strong, standard construction.
Does my text or passphrase leave the browser?
No. Everything runs through the browser's Web Crypto API on your device. Nothing you type — plaintext, passphrase or ciphertext — is ever sent to a server.
What happens if I lose the passphrase?
The data is unrecoverable. AES-GCM is designed so that without the exact passphrase there is no way to decrypt, and we store nothing, so keep your passphrase safe.
What is in the Base64 output?
The output packs the random salt, the random initialization vector and the authenticated ciphertext together, so a single string is all you need to decrypt later with the same passphrase.
Why does decryption say it failed?
GCM verifies integrity, so decryption fails if the passphrase is wrong or the ciphertext was altered or truncated. Re-check the passphrase and that the whole Base64 string was pasted.