AES Text Encryption
Securely encrypt and decrypt text with a password using the AES-256-GCM standard, right in your browser.
A higher iteration count slows down brute-force attacks but also increases the time required for encryption and decryption.
Ciphertext Structure
A 256-bit key is derived from the password using PBKDF2-HMAC-SHA256, then encrypted with AES-256-GCM. A new salt and IV are generated each time using crypto.getRandomValues, so the ciphertext will differ with each execution even for the same text and password (this is normal). The result string is the concatenation of the bytes below, then Base64 encoded.
| Position (Bytes) | Length | Content | Description |
|---|---|---|---|
| 0 ~ 2 | 3 | "TZC" | Magic value indicating this tool's format |
| 3 | 1 | 0x01 | Format version |
| 4 ~ 7 | 4 | uint32 BE | PBKDF2 iterations โ this value is used for decryption |
| 8 ~ 23 | 16 | salt | PBKDF2 salt (random) |
| 24 ~ 35 | 12 | IV | AES-GCM initialization vector (random, must not be reused) |
| 36 ~ | Variable | ciphertext + tag | Ciphertext and 16-byte GCM authentication tag โ decryption fails if even one character is altered |
Salt, IV, and iteration count are not secrets and can be safely included in the ciphertext. In fact, they must be included for the recipient to decrypt using only the password. Older ciphertexts (16-byte salt + 12-byte IV + ciphertext, 100k iterations) without the magic value are also automatically recognized and decrypted.
โ There is absolutely no way to recover your password if you forget it. This tool does not store passwords anywhere, and neither text nor password is sent to a server or stored in your browser. The strength of the encryption ultimately depends on the strength of your password โ a short password will be cracked no matter how many iterations you use.
What is the AES Text Encryption?
Use this free AES encryption tool to secure notes, credentials, or private messages. Simply enter your text and a password to instantly generate a Base64 string encrypted with the AES-256-GCM standard. To enhance security, the encryption key is derived from your password using PBKDF2. Most importantly, every operation runs exclusively in your browser. Your text and password are never sent to a server, so you can handle sensitive data with confidence. It's completely free to use, with no installation or signup required.
How to use
- Select your desired mode: `๐ Encrypt` or `๐ Decrypt`.
- In the left panel, enter the plaintext to encrypt or the ciphertext to decrypt.
- Type the secret key into the "Password" field.
- When encrypting, you can adjust the "PBKDF2 Iterations" count to balance speed and security.
- Click the run button (e.g., `๐ Run Encryption` or `๐ Decrypt`).
- The result appears in the right panel. Use the "Copy" or "Save Ciphertext" buttons to get your data.
AES Text Encryption guide
How this tool is used in real work, and what to watch out for.
What do PBKDF2 iterations get you?
Passwords that people memorize are too short and predictable to be used as AES keys. So instead of using the password directly, we use PBKDF2 to process it extensively and derive a 256-bit key. The iteration count is the number of times this processing is repeated.
Hereโs the key idea: when you increase the iteration count, you only wait once, but an attacker has to wait that long for *every single password guess*. At 250,000 iterations, the number of guesses an attacker can try per second is reduced by a factor of roughly 250,000. You're trading less than a second of your time to force an attacker to spend 250,000 times as much.
| Setting | Feel | When to use |
|---|---|---|
| 100,000 iterations | Almost instant | For compatibility with old ciphertexts. Not recommended for new ones. |
| 250,000 iterations (Default) | Usually under 1 second | For everyday notes and messages. |
| 600,000 iterations | 1-2 seconds depending on the device | The level recommended by OWASP. For important content. |
| 1,000,000 iterations | Noticeably slow | For sensitive content stored long-term. |
What happens without a salt and an IV?
It can be confusing why these are necessary, since both are non-secret random numbers. They serve completely different roles.
Without a salt, the same password always produces the same key. This allows an attacker to pre-compute the keys for millions of common passwords and store them in a lookup table (a 'rainbow table'). When they see a ciphertext, they can just look up the key and find the answer instantly. Even a million iterations won't help you hereโthat computation was finished long ago. A unique salt for each encryption makes this entire pre-computation effort worthless.
The IV prevents the same plaintext from always producing the same ciphertext. If the IV were fixed, the ciphertext for a short reply like "Yes" would always be the same, allowing an observer to read patterns of who said what without knowing the content. In AES-GCM specifically, reusing an IV with the same key is a catastrophic failure that goes beyond simple pattern exposure and can allow an attacker to recover both plaintexts.
When 'Decryption failed' appears โ The role of the authentication tag
AES-GCM doesn't just encrypt; it also creates and attaches a 16-byte authentication tag. During decryption, it recalculates this tag and checks if it matches. If even a single bit is off, it refuses to output a result and fails. This prevents an attacker from tampering with the content by, for example, flipping a few bits in the ciphertext. Successful decryption is a guarantee that the content has not been forged or altered.
The trade-off is that the failure message can't distinguish the cause. A wrong password and a tampered ciphertext both result in the same tag verification failure. This is by design; providing a more specific error would give hints to an attacker.
- The most common cause is a truncated copy. You must paste the entire ciphertext from beginning to end. If you copy from a messaging app where the text is collapsed under a "Show more" link, the end might be cut off.
- If you paste it into the body of an email, the mail client might add line breaks or convert parts of it into links, corrupting the string. Sending it as a file attachment is safer.
- Check for leading/trailing spaces and case sensitivity in the password. A stray space accidentally copied along with the password is a frequent culprit.
- Make sure the mode is set to '๐ Decrypt' and that you have pasted the ciphertext into the input field, not the plaintext.
Password strength comes first
If your password is `1234`, even a million iterations won't save you. An attacker only needs to try ten guesses. A million iterations ร 10 guesses is a matter of seconds. The iteration count is only a meaningful defense when the password itself is reasonably strong.
Conversely, a passphrase made of four random words (like the one the `Load Example` button provides) is easy to remember but has a vastly larger search space. This is why the tool shows a warning after encrypting if your password is less than 8 characters long.
What to use this tool for (and what not to)
This tool runs entirely in your browser; nothing is ever sent to a server. This makes it suitable for handling sensitive information you wouldn't entrust to a third party, like internal memos or temporary account credentials. However, it's not a silver bullet.
| Scenario | Suitability |
|---|---|
| One-time transfer of notes/account info via messenger or email | Suitable โ use a separate channel for the password. |
| Storing personal notes as ciphertext in a cloud notepad | Suitable |
| Managing shared team secrets | Unsuitable โ use a password manager or a secrets vault. |
| Encrypting large files or images | Unsuitable โ this tool is for text only. |
| Encrypting personal information in a service database | Unsuitable โ this requires a server-side key management system. |
| Ciphertext that needs to be opened by other programs | Unsuitable โ see the format issue below. |
Frequently asked questions
Can I recover my password if I forget it?
No, recovery is impossible. Your password is used directly in your browser and is never sent to our servers. We have no way of knowing it or helping you.
Why is the encrypted result different every time for the same input?
This is expected and enhances security. A new random salt and IV are generated for each encryption and included in the output, ensuring unique ciphertext every time.
How secure is this tool?
It uses industry-standard AES-256-GCM and PBKDF2. All processing is done in your browser, so your data never leaves your computer, eliminating exposure risk.
I get a decryption error. What's wrong?
This means the password is wrong or the ciphertext is incomplete or altered. Passwords are case-sensitive and must be entered exactly, including any spaces.