AES-GCM Encrypt/Decrypt

How to use

1. Choose a strong passphrase you can store in a password manager.
2. Paste short text to encrypt, or paste ciphertext plus IV/tag blob to decrypt.
3. Run Encrypt; copy the full output including any nonce/IV the tool displays.
4. To decrypt later, paste ciphertext and enter the same passphrase exactly.
5. Never email keys in plaintext; share secrets out-of-band if you must.
6. Rotate passphrases by decrypting with the old key and re-encrypting with a new one.

Examples

• Encrypt a private note before saving to cloud paste
• Decrypt a payload you encrypted on another device with the same settings
• Test Web Crypto availability in a locked-down browser
• Compare output length with plaintext to understand overhead
• Demonstrate why rolling your own crypto is risky—use standard tools
• Archive a small JSON secret with a passphrase for local backup

FAQ

Is data sent to a server?

No. AES-GCM and PBKDF2 run locally via the Web Crypto API.

Forgot password?

Ciphertext cannot be recovered without the key or a break of AES—back up passphrases.

Is this for production apps?

Use audited libraries and key management; this page is for education and quick local tasks.

Authenticated encryption?

GCM provides confidentiality and integrity; tampered ciphertext should fail to decrypt.

Key derivation iterations?

PBKDF2 parameters matter for brute-force resistance; defaults should be documented on-page.

Binary files?

This flow targets text; encode binary as Base64 first if you must experiment.

Related guides

• Hashes and Encoding: When to Use Hash, Base64, and URL Encode

  What hashes and encoding are for, when to use each, and how to use our free hash, Base64, and URL encode/decode tools.

Related tools

• Hash Generator
• Percentage Calculator
• Discount Calculator
• Roman Numerals ⇄ Integer
• Mortgage Calculator
• Loan Calculator