AES Encryption
Encrypt and decrypt sensitive text with AES-256-CBC — entirely inside your browser. No accounts, no servers, no logs.
A quick primer before you encrypt anything
This tool encrypts plain text into an unreadable Base64 string using AES-256-CBC. AES-256 is the cipher behind enterprise VPNs, full-disk encryption, and secure messaging apps; CBC is one of the modes it can be run in. Only someone who knows the exact passphrase can reverse the operation and recover the original content.
"AES-256" refers to the key size: 256 bits. That's 2^256 possible keys, a number so large that even every computer on earth working in parallel for billions of years couldn't exhaustively search it. The "CBC" part refers to Cipher Block Chaining, a mode that links each 16-byte block of your message to the one before it, so patterns in your text don't survive into the ciphertext.
The entire operation runs inside your browser's built-in WebCrypto API. Your text and passphrase are never transmitted anywhere.
Built for people who handle sensitive data
Developers
Quickly encrypt API keys, connection strings, or config values for storage in version control or a shared document before you have proper secrets management wired up.
Security Teams
Share encrypted payloads with colleagues over Slack, email, or Jira tickets. The recipient decrypts locally—never exposing plaintext to the communication channel.
Privacy-Conscious Users
Protect sensitive notes, account credentials, or personal records before storing them in cloud services like Notion, Dropbox, or Google Drive.
How to encrypt and decrypt
Paste your text
Enter the content you want to protect—an API key, a personal note, a password, or any arbitrary string. There's no size limit enforced by the tool itself.
Set a strong passphrase
Choose something long and unique. "CorrectHorseBatteryStaple" style passphrases are strong. Short dictionary words are not. You will need this exact passphrase to decrypt—there is no recovery mechanism.
Click Encrypt
The tool derives a 256-bit key from your passphrase using PBKDF2, generates a random Salt and IV, and encrypts the text. The result is a Base64 string encoding all three values.
Store or share the output
Copy the Base64 string anywhere—a database field, a note, an email. Without the passphrase it's completely unreadable.
Decrypt when needed
Paste the Base64 string back into the tool, enter the same passphrase, and click Decrypt. The original text is restored locally.
What's actually inside that Base64 string
The encrypted output isn't just ciphertext. It's a self-contained bundle that packs three values together before encoding to Base64:
Salt
Random bytes fed into PBKDF2 so the derived key is unique to this encryption—even if you reuse the same passphrase.
IV
Initialization Vector. Random data that seeds the first CBC block, ensuring different ciphertext each time.
Ciphertext
The actual AES-encrypted payload—your original text, scrambled beyond recognition.
This layout means you only need to store or transmit one string. The decryption side can parse out the Salt and IV automatically, then reconstruct the key and recover your plaintext.
Practical scenarios where this actually helps
Storing secrets in a shared repo
Your team keeps infrastructure config in a private GitHub repo. Rather than committing a raw .env file (a common and costly mistake), you encrypt each value with a passphrase shared via your password manager. The repo gets the encrypted blob; the passphrase never touches Git.
Sending credentials over Slack
You need to share a staging database password with a new colleague. Sending it in plaintext over Slack means it lives in Slack's servers indefinitely. Instead: encrypt it here, paste the Base64 into Slack, then share the passphrase separately (a phone call, a Signal message). Even if Slack is compromised, the attacker just gets ciphertext.
Personal encrypted notes in cloud storage
You keep a master list of recovery codes and account answers in Google Drive. Encrypt the file's contents before uploading. Even if your Google account is breached, the content remains unreadable without the passphrase you never wrote down anywhere digital.
What this tool can't protect you from
AES-256 is exceptionally strong at what it does. But encryption is only one layer of security, and it's worth being clear about where the limits are:
- A weak passphrase is the most common real-world attack vector. AES-256 with the passphrase 'password1' is trivially crackable via a dictionary attack: the salt and IV sit in the output in the clear, so anyone holding the Base64 string can run PBKDF2 over a wordlist offline until a guess decrypts cleanly. Strength of the passphrase matters enormously.
- This tool encrypts text, not files. Binary data (images, PDFs) would need to be Base64-encoded first, then the string could be encrypted.
- CBC mode provides confidentiality, not integrity. Nothing in the output lets the decrypting side check that the ciphertext is the one that was produced: a modified bundle either fails with a padding error or decrypts to altered or garbled bytes, and because each plaintext block is XORed with the preceding ciphertext block (or, for the first block, the IV), an attacker who flips a bit in the IV flips the same bit in the first block of plaintext without knowing the key. If tampering matters, add an HMAC over the IV and ciphertext (encrypt-then-MAC) or switch to AES-GCM, which authenticates as part of the mode.
- Browser security is a prerequisite. If your browser or device is compromised by malware, all bets are off regardless of the encryption algorithm.
- This is a manual tool. For automated systems handling sensitive data at scale, use a dedicated secrets manager (HashiCorp Vault, AWS Secrets Manager, etc.) rather than hand-rolling AES workflows.
Getting the most out of AES encryption
✦ Use a passphrase, not a password
Four or more words picked at random (by dice or a generator, not by you) from a list of a few thousand and strung together (e.g. 'olive.runway.marble.fence') give you more entropy than a single complex password and are far easier to remember. Four words from a 7,776-word list is roughly 52 bits, and every extra word adds about 13 more.
✦ Never store the passphrase next to the ciphertext
If both live in the same place, the encryption is pointless. Keep the passphrase in a password manager or in your head, and the ciphertext wherever it needs to go.
✦ Label your encrypted blobs
A Base64 string with no context is confusing six months later. Add a short comment or filename that identifies what it is—without revealing what it contains.
✦ Test decryption immediately
After encrypting something important, decrypt it right away to confirm everything works before you close the original plaintext. Discovering a typo in your passphrase six months later is painful.
✦ Rotate passphrases periodically
For long-lived secrets, re-encrypt with a new passphrase every few months. This limits the exposure window if a passphrase is ever silently compromised.
✦ For production systems, go further
This tool is excellent for ad-hoc and manual encryption tasks. Automated pipelines should use purpose-built secrets management with audit logs and access controls.
The cryptographic pipeline, explained plainly
When you click Encrypt, here's the exact sequence of operations that runs inside your browser:
1. Salt generation. 16 cryptographically random bytes are generated using window.crypto.getRandomValues(). This salt ensures that the same passphrase produces a different derived key each time.
2. Key derivation via PBKDF2. Your passphrase and the salt are run through 100,000+ iterations of HMAC-SHA256. The result is a 256-bit key, and the iteration cost is what makes guessing hard: every passphrase guess an attacker tries costs the same 100,000+ HMAC computations.
3. IV generation. Another 16 random bytes are generated as the Initialization Vector. This seeds the first CBC block so identical plaintexts produce different ciphertexts.
4. AES-256-CBC encryption. Your text is encoded to UTF-8 bytes, padded (PKCS#7) to a multiple of 16 bytes, and encrypted block by block. Each block's ciphertext is XORed into the next plaintext block before that block is encrypted.
5. Output serialization. Salt + IV + ciphertext are concatenated in that order and encoded to Base64. This single string is everything needed for later decryption.
Common questions
Is my data ever sent to a server?
No. Every cryptographic operation (key derivation, encryption, decryption) runs inside your browser's WebCrypto API. Your plaintext and passphrase never leave your device. You can verify this by opening your browser's Network tab, letting the page finish loading, and then encrypting and decrypting something: no new outbound requests appear.
Why does the encrypted output look different every time, even with the same passphrase?
Each encryption run generates a fresh random IV (Initialization Vector) and Salt. Both are stored in the clear at the front of the output, ahead of the ciphertext, so the decrypting side can read them back without needing to know them in advance. The side effect is that encrypting the same message twice produces two completely different strings, which is exactly what you want: an attacker who intercepts two messages can't tell whether the underlying plaintext is identical.
What happens if I lose my passphrase?
The data is unrecoverable. There is no backdoor, no reset link, and no master key: the only way to get the AES key back is to run PBKDF2 on the right passphrase, and with a strong passphrase, guessing it is infeasible on any hardware that exists. Treat your passphrase like you'd treat a physical key to a vault.
What is PBKDF2 and why does it matter?
PBKDF2 (Password-Based Key Derivation Function 2) stretches your human-chosen passphrase into a 256-bit cryptographic key by hashing it 100,000 or more times with a random salt. A short, memorable password like 'sunrise42' would be trivially weak as a direct AES key. PBKDF2 makes brute-forcing dramatically more expensive by adding deliberate computational cost to each guess an attacker would have to make; it does not add entropy, so it slows an attacker down rather than making a weak passphrase strong.
When would I use AES-CBC versus other modes?
CBC (Cipher Block Chaining) is a well-understood, widely audited mode for the confidentiality of arbitrary-length payloads at rest. It does not detect modification, so wherever an attacker could alter the ciphertext, and for new designs generally, AES-GCM (which authenticates as part of the mode) is the default recommendation. For this tool's purpose, encrypting a secret you will store or hand to a colleague and decrypt yourself, CBC with a fresh random IV per operation is a proven choice, provided you read a successful decryption as "the passphrase was right" rather than "nobody touched the ciphertext".
Can I use the encrypted output in my own application?
Yes. The Base64 output is the Salt (16 bytes), then the IV (16 bytes), then the ciphertext, in a fixed layout. A matching decrypt function in Node.js, Python, or any language that supports AES-256-CBC and PBKDF2 has to reproduce three things exactly: that layout, the PBKDF2 parameters (iteration count and SHA-256), and PKCS#7 padding. Get any of them wrong and you will see a padding error or garbage rather than your text. This makes the tool useful for quick prototyping before you wire up proper secrets management in production.
The decrypted output looks like garbage. What went wrong?
Almost certainly a wrong passphrase. A different passphrase derives a different key, and AES will still run the decryption with it; most of the time (about 255 in 256) the padding check then fails and WebCrypto rejects the operation rather than returning output, and occasionally the padding happens to look valid and you get garbled bytes. Double-check that you're using the exact passphrase (case-sensitive, including spaces) that was used to encrypt. A ciphertext that was modified or truncated in transit, or a bundle produced by a different tool with a different layout or iteration count, gives the same symptoms.
Security transparency. This tool uses the browser's native WebCrypto API — the same cryptographic substrate used by modern banking and authentication applications. No custom crypto, no proprietary black boxes. You can inspect the tool's source code in your browser's DevTools at any time.