Skip to main content
SuperTools

AES-GCM Encrypt/Decrypt

Authenticated encryption with AES-256-GCM and PBKDF2 key derivation

Enter input, passphrase, and click Encrypt

Uses AES-256-GCM with random 96-bit IV and PBKDF2-SHA256 key derivation. Payload format is armored as st-aesgcm:.... All processing happens locally in your browser.

About AES-GCM

Encrypt and decrypt text and files using AES-256-GCM, a modern authenticated encryption standard, directly in your browser. AES-GCM provides both confidentiality and integrity protection, ensuring data cannot be read or tampered with without the correct key. This tool derives the encryption key from your passphrase using PBKDF2-SHA256 with a random salt and IV, following security best practices. Everything runs locally via the Web Crypto API — your plaintext, ciphertext, and passphrase are never transmitted to any server.

How to Use AES-GCM

  1. Enter or paste the text you want to encrypt in the input field.
  2. Enter a strong passphrase that will be used to derive the encryption key.
  3. Click Encrypt to produce the ciphertext, or paste ciphertext and click Decrypt.
  4. Copy the output using the copy button.

AES-GCM FAQ

Which AES mode is used?

The tool uses AES-256-GCM, an authenticated encryption mode that provides both confidentiality and integrity. The key is derived from your passphrase using PBKDF2-SHA256.

Does encryption happen in the browser?

Yes. All encryption and decryption operations run locally using the Web Crypto API. Your data and passphrase never leave your device.

What makes AES-GCM better than AES-CBC?

AES-GCM is an authenticated encryption mode that detects tampering automatically. AES-CBC requires a separate MAC for integrity, and is more vulnerable to padding oracle attacks.

How is the encryption key derived from my passphrase?

The tool uses PBKDF2 with SHA-256 and a random salt to derive a 256-bit AES key from your passphrase. A fresh random IV is generated for each encryption operation.

Can I encrypt files?

Yes. The tool supports encrypting and decrypting both text input and file uploads using AES-256-GCM.