
Text Encrypt / Decrypt (AES-GCM)

Encrypt and decrypt text with a password using AES-GCM, all locally in your browser.


This tool encrypts and decrypts text with a password using AES-GCM, the same authenticated encryption standard that protects HTTPS connections, disk volumes, and countless production systems. Unlike Base64 or other encodings, which merely transform data and offer no protection, real encryption makes your message unreadable to anyone who does not know the password. Whether you want to stash a note you can decrypt later, share a secret with a colleague over an insecure channel, or simply understand how modern symmetric encryption works, this tool does the job without ever sending your data anywhere.

Frequently asked questions

Is my text or password ever uploaded?
No. All encryption and decryption is performed locally in your browser with the native Web Crypto API. Your plaintext, your password, and the resulting ciphertext never leave your device, are never logged, and are never transmitted to any server.
What encryption does the tool actually use?
It uses AES-GCM with a 256-bit key for the encryption itself, and PBKDF2 with SHA-256 and 100,000 iterations to derive that key from your password. A random 16-byte salt and a random 12-byte initialisation vector are generated for every encryption, so encrypting the same text twice produces different output.
Why does encrypting the same text give a different result each time?
Because a fresh random salt and IV are used on every run. This is a deliberate and important security property: it means an observer cannot tell whether two ciphertexts contain the same message, and it prevents a whole class of attacks. The salt and IV are stored alongside the ciphertext so decryption still works.
What happens if I enter the wrong password?
Decryption fails and the tool shows an error. AES-GCM is an authenticated cipher, so it verifies an integrity tag before returning any plaintext. A wrong password, or ciphertext that has been altered or truncated, will fail that check rather than silently producing corrupted output.
How strong is the encryption?
AES-256-GCM is considered secure for production use and has no known practical break. The real weak point in any password-based scheme is the password itself. A short or common password can be guessed, so the 100,000 PBKDF2 iterations slow attackers down, but you should still choose a long, unique, random password for anything important.
Can I decrypt the output on another device or tool?
You can decrypt it in this tool on any device using the same password. Decrypting it elsewhere is possible only if the other tool uses exactly the same scheme: PBKDF2-SHA256 at 100,000 iterations, a 16-byte salt prefix, a 12-byte IV, AES-GCM, and Base64 of salt plus IV plus ciphertext. The format is documented but not a universal standard.
Is there a length limit on the text?
There is no hard limit, but the entire message is held in memory and processed in one pass, so very large inputs (many megabytes) may be slow or memory-heavy on low-end devices. For typical notes, messages, and config snippets the tool is instant. For encrypting large files a dedicated file-encryption utility is more suitable.
Does encryption work without an internet connection?
Yes. The tool relies only on the Web Crypto API built into modern browsers, with no external libraries. Once the page has loaded there are no network requests, so you can encrypt and decrypt completely offline.

About Text Encrypt / Decrypt (AES-GCM)

The security comes from two well-chosen building blocks. Your password is run through PBKDF2 with SHA-256 and 100,000 iterations against a fresh random 16-byte salt, which turns a human password into a strong 256-bit key while making brute-force attacks far slower. That key then drives AES-GCM with a fresh random 12-byte initialisation vector, an authenticated cipher that both hides the contents and detects any tampering. The output bundles the salt, the IV, and the ciphertext together and encodes the whole thing as Base64, so a single string is all you need to decrypt later, provided you have the password.

Every byte of this process happens inside your browser using the native Web Crypto API, with no external library and no network traffic. Your plaintext and your password never leave your device, are never logged, and are never uploaded. If the password is wrong or the ciphertext has been altered, decryption fails cleanly with an error rather than producing garbage, because AES-GCM verifies integrity as part of decryption. The tool also works entirely offline once the page has loaded.

Why GCM, and why a salt and an IV?

AES has been the U.S. government's approved symmetric cipher since 2001, when it replaced the ageing DES standard after an open international competition. AES on its own only encrypts fixed-size blocks, so it must be combined with a mode of operation. GCM, short for Galois/Counter Mode, is popular because it does two jobs at once: it encrypts the data and produces an authentication tag that detects tampering, all in a single efficient pass.

The salt and the initialisation vector solve two different problems, and confusing them is a classic mistake. The salt is fed into key derivation together with the password so that two people using the same password get different keys, which defeats precomputed rainbow-table attacks. The IV, by contrast, randomises the encryption itself so that encrypting identical plaintext under the same key still yields different ciphertext. Both must be unique per message, but neither is secret, which is why this tool simply stores them alongside the ciphertext.

The single most dangerous error with GCM is reusing an IV with the same key. Doing so can leak relationships between messages and, in the worst case, expose the authentication key entirely. That is exactly why this tool generates a brand-new random IV for every encryption rather than reusing a fixed value, a small detail that makes the difference between textbook-correct encryption and a subtle, exploitable flaw.
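A check that makes the "leaks relationships between messages" point concrete, as an added example that is not part of this tool's code. The function name and the sample messages are constructed for illustration; it encrypts two messages under one key and reports whether the XOR of the ciphertexts equals the XOR of the plaintexts.

```javascript
// GCM encrypts in counter mode: ciphertext = plaintext XOR keystream(key, IV).
// If key and IV repeat, the keystream repeats and cancels out of c1 XOR c2.
async function ciphertextXorEqualsPlaintextXor(p1, p2, reuseIv) {
  const wc = globalThis.crypto ?? (await import('node:crypto')).webcrypto;
  const key = await wc.subtle.generateKey(
    { name: 'AES-GCM', length: 256 }, false, ['encrypt']);

  const iv1 = wc.getRandomValues(new Uint8Array(12));
  // The unsafe case reuses iv1; the safe case draws a second random IV.
  const iv2 = reuseIv ? iv1 : wc.getRandomValues(new Uint8Array(12));

  const m1 = new TextEncoder().encode(p1);
  const m2 = new TextEncoder().encode(p2);
  const c1 = new Uint8Array(
    await wc.subtle.encrypt({ name: 'AES-GCM', iv: iv1 }, key, m1));
  const c2 = new Uint8Array(
    await wc.subtle.encrypt({ name: 'AES-GCM', iv: iv2 }, key, m2));

  // Compare only the message bytes; the trailing 16-byte tag is excluded.
  const n = Math.min(m1.length, m2.length);
  for (let i = 0; i < n; i++) {
    if ((c1[i] ^ c2[i]) !== (m1[i] ^ m2[i])) return false;
  }
  return true;
}

async function demo() {
  const a = 'transfer approved: yes';   // constructed sample message
  const b = 'transfer approved: no ';   // constructed sample message
  return {
    reusedIv: await ciphertextXorEqualsPlaintextXor(a, b, true),
    freshIv: await ciphertextXorEqualsPlaintextXor(a, b, false),
  };
}
```

With a reused IV the result is `true`: anyone holding both ciphertexts learns the XOR of the two plaintexts without the key. With fresh IVs the keystreams are unrelated and the comparison fails.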
