Cybersecurity Tools

AES Text Encryptor

Encrypt and decrypt text using AES-256-GCM — the same algorithm used by governments, banks, and TLS 1.3. Key derivation uses PBKDF2-SHA256 with 310,000 iterations, hardening against brute-force attacks on the passphrase. Everything runs in your browser's built-in Web Crypto API — no libraries, no server.

All processing happens locally in your browser. No data is uploaded.

Algorithm

AES-256-GCM

Key Bits

256 bits

KDF

PBKDF2-SHA256

Iterations

310,000

Salt

16 bytes (random)

12 bytes (random)

Auth Tag

128 bits (GCM)

Output

Base64

Passphrase

Passphrase strength:

—

Plaintext to Encrypt

Compress before encrypt Include integrity tag

Encrypted Output (Base64)

Encrypted ciphertext will appear here…

Technical Details

Encryption pipeline:
1. A random 16-byte salt is generated using crypto.getRandomValues().
2. Your passphrase is fed into PBKDF2(SHA-256, 310000 iterations) with the salt → produces a 256-bit AES key.
3. A random 12-byte IV is generated (GCM standard nonce size).
4. The plaintext is encrypted with AES-256-GCM, producing ciphertext + 128-bit authentication tag.
5. Output format: base64(salt || iv || ciphertext || authTag) — all fields needed for decryption are embedded in the output.

Security properties:
• GCM mode provides authenticated encryption — any tampering with the ciphertext is detected on decryption.
• PBKDF2 with 310,000 iterations (NIST 2024 recommendation for SHA-256) makes brute-forcing weak passphrases computationally expensive.
• Fresh salt + IV on every encryption ensures identical plaintexts produce different ciphertexts.
• The Web Crypto API implementation is provided by your browser's native crypto engine — not JavaScript.

Related Tools