Logo

MonoCalc

/

AES Encryption / Decryption

Encode/Decode

AES Cipher Mode Comparison

ModeIV / NonceAuthenticationParallelizableBest For
CBC128-bitNoneDecrypt onlyGeneral encryption
GCM96-bit128-bit AEADBoth waysTLS / HTTPS / APIs
CTR128-bitNoneBoth waysStream cipher / disk
ECBNoneNoneBoth ways⚠️ Not recommended

About This Tool

🔒 AES Encryption / Decryption – Browser-Based AES Tool

The Advanced Encryption Standard (AES) is the most widely adopted symmetric-key block cipher in the world, standardized by NIST in 2001 (FIPS 197). It is used in virtually every secure communication system — from TLS/HTTPS and Wi-Fi (WPA2/WPA3) to full-disk encryption and secure messaging apps. This tool lets you encrypt and decrypt text using AES entirely in your browser, with no data ever sent to a server.

🔑 Key Sizes: 128, 192, and 256 Bits

AES operates on fixed-size 128-bit blocks but supports three key lengths, each offering a different security level:

  • AES-128 — 128-bit key (16 bytes), 10 rounds. Excellent performance and strong security; used in many consumer applications and TLS connections.
  • AES-192 — 192-bit key (24 bytes), 12 rounds. Rarely used in practice but provides a higher security margin.
  • AES-256 — 256-bit key (32 bytes), 14 rounds. The gold standard for high-assurance encryption. Required for protecting classified information at SECRET/TOP SECRET levels (NSA Suite B). Recommended for most new systems.

⚙️ Supported Cipher Modes

AES is a block cipher, meaning it encrypts data in 128-bit (16-byte) chunks. A cipher mode of operation defines how these blocks are processed sequentially:

AES-CBC (Cipher Block Chaining)

CBC is the most widely used AES mode for general-purpose encryption. Before each block is encrypted, it is XORed with the previous ciphertext block — starting with the Initialization Vector (IV) for the first block. This chaining ensures that identical plaintext blocks produce different ciphertext blocks, hiding data patterns. CBC requires PKCS#7 padding to fill the last block to 128 bits. Use AES-256-CBC for file encryption, database field encryption, and most server-side cryptography where GCM is not available.

AES-GCM (Galois/Counter Mode) — Recommended

GCM combines AES in CTR mode with the GHASH authentication function to deliver Authenticated Encryption with Associated Data (AEAD). In addition to the ciphertext, it produces a 128-bit authentication tag that lets the decryptor verify that the data has not been tampered with. GCM is fully parallelizable on both encryption and decryption, making it fast on modern CPUs with hardware AES support. It is the default mode in TLS 1.3, SSH, and most modern cryptographic protocols. Use a 96-bit (12-byte) nonce as recommended by NIST SP 800-38D — never reuse a nonce with the same key.

AES-CTR (Counter Mode)

CTR turns AES into a stream cipher by encrypting successive counter values and XORing the output keystream with the plaintext. It requires no padding, handles arbitrary-length plaintext, and supports full parallel encryption and decryption. CTR is widely used in disk encryption and network protocols. The counter must never be reused with the same key — doing so completely breaks confidentiality.

⚠️ AES-ECB (Electronic Codebook) — Avoid

ECB encrypts each 128-bit block independently with no chaining or randomization. Because identical plaintext blocks always produce identical ciphertext blocks, structural patterns in the data remain visible in the ciphertext. The famous "ECB penguin" — an image of Tux the Linux mascot that remains recognizable after ECB encryption — illustrates this flaw. Do not use ECB for any sensitive data. It is provided here for educational and compatibility purposes only.

🧪 How to Use This Tool

  1. Choose Encrypt or Decrypt mode.
  2. Select a Cipher Mode (CBC, GCM, or CTR), a Key Size (128/192/256-bit), and the desired Output Format (Base64 or Hex).
  3. Enter your Secret Key. You can provide it as plain text (auto-padded), hexadecimal, or Base64-encoded bytes.
  4. Enter or generate an IV / Nonce. Click 🎲 Random to generate a cryptographically secure random value.
  5. Paste or type your plaintext (for encryption) or ciphertext (for decryption) in the input area and click the action button.
  6. For GCM encryption, copy and save the displayed Auth Tag — it is required to verify integrity during decryption.

📐 Key and IV Size Reference

ModeKey (128-bit)Key (256-bit)IV / NonceAEAD
CBC16 bytes / 32 hex32 bytes / 64 hex16 bytes / 32 hexNo
GCM16 bytes / 32 hex32 bytes / 64 hex12 bytes / 24 hexYes (128-bit tag)
CTR16 bytes / 32 hex32 bytes / 64 hex16 bytes / 32 hexNo
ECB16 bytes / 32 hex32 bytes / 64 hexNoneNo

🔐 Security Best Practices

  • Prefer AES-GCM over CBC or CTR whenever possible — authenticated encryption prevents ciphertext tampering and padding oracle attacks.
  • Never reuse an IV/nonce with the same key. Each encryption operation must use a fresh, randomly generated IV.
  • Use AES-256 for long-term data protection and AES-128 where performance is critical.
  • Avoid ECB mode entirely for any real data — use it only for academic study.
  • This tool uses the browser's built-in Web Crypto API (window.crypto.subtle), which provides hardware-accelerated, standards-compliant AES — the same API used by production applications.

💡 Common Use Cases

  • Testing and validating AES implementations in your software projects
  • Learning about symmetric encryption, block cipher modes, and IV usage
  • Encrypting configuration snippets or small secrets for storage
  • Generating and verifying encrypted payloads for API or local storage testing
  • Educational exploration of how key size and cipher mode affect ciphertext

All operations run 100% locally in your browser using the Web Crypto API. No data is transmitted to any server. For production applications, use a well-tested cryptography library and follow your platform's security guidelines.

Frequently Asked Questions

Is the AES Encryption / Decryption free?

Yes, AES Encryption / Decryption is totally free :)

Can I use the AES Encryption / Decryption offline?

Yes, you can install the webapp as PWA.

Is it safe to use AES Encryption / Decryption?

Yes, any data related to AES Encryption / Decryption only stored in your browser (if storage required). You can simply clear browser cache to clear all the stored data. We do not store any data on server.

How does this AES encryption tool work?

This tool uses the Web Crypto API built into all modern browsers to perform AES encryption and decryption entirely on your device. You provide a plaintext message, a secret key, an IV (initialization vector), and choose a cipher mode and key size. The tool encrypts or decrypts the data locally — nothing is ever sent to any server.

What is the difference between AES-CBC, AES-GCM, and AES-CTR?

AES-CBC (Cipher Block Chaining) is the most common mode for general encryption; it chains blocks together so each block depends on the previous one. AES-GCM (Galois/Counter Mode) adds authenticated encryption — it produces an authentication tag that verifies both integrity and authenticity, making it ideal for TLS/HTTPS. AES-CTR (Counter Mode) turns AES into a stream cipher and supports full parallelism on both encryption and decryption.

Why should I avoid AES-ECB mode?

ECB (Electronic Codebook) mode encrypts each 128-bit block independently using the same key. This means identical plaintext blocks always produce identical ciphertext blocks, which leaks structural information about the data. The famous 'ECB penguin' demonstrates how image patterns remain visible after ECB encryption. Always use CBC, GCM, or CTR for real applications.

What key size should I use — 128, 192, or 256 bit?

AES-256 is the gold standard for high-security applications and is recommended by NIST for protecting sensitive data. AES-128 provides strong security and is slightly faster, making it a good default for most applications. AES-192 is rarely used in practice. For new systems, use AES-256 unless performance constraints require otherwise.

What is an IV and why is it required?

An Initialization Vector (IV) is a random value used to ensure that the same plaintext encrypted with the same key produces a different ciphertext each time. It does not need to be kept secret, but it must be unique for every encryption operation with the same key. For CBC and CTR, use a 16-byte (128-bit) IV; for GCM, use a 12-byte (96-bit) nonce as recommended by NIST SP 800-38D.

Is my data safe when using this tool?

All encryption and decryption runs entirely in your browser using the Web Crypto API — no data is transmitted to any server. However, avoid entering real production secrets or highly sensitive data into any online tool. For maximum security, use this tool for learning, testing, and development purposes and use a dedicated cryptography library in your production codebase.