Symmetric encryption

Encrypt and decrypt text and files with AES-256-GCM

Symmetric AES-256 encryption in GCM (authenticated) mode, with the key derived from your password through PBKDF2-HMAC-SHA-256 at 210,000 iterations, using a random salt and IV for every operation. Works on text (Base64 output) and on files of any type. Everything runs through the browser Web Crypto API: your content and password never leave the device and are never sent to any server.

How to encrypt and decrypt with AES

  1. Pick text or file and the operation

    Choose whether to work on text or a file, and whether to encrypt or decrypt. For text you type or paste directly; for files you drop the item into the drop zone.

  2. Enter the password

    The password is the only key. Use a strong one, different from those you use elsewhere. There is no recovery: if you forget it, the encrypted data stays unreadable forever.

  3. Run

    Encrypting gives you a Base64 string (text) or a .aes file (file). Decrypting the same content with the same password returns the original. If the password is wrong or the data was altered, GCM refuses to decrypt and tells you.

  4. Store or share

    Copy the Base64 output or download the file. To share securely, send the encrypted content and the password over separate channels (e.g. the file by email, the password by voice).

How the encryption works, in detail

The scheme is the recommended one for authenticated symmetric encryption. The password is never used directly as a key: it goes through PBKDF2-HMAC-SHA-256 with 210,000 iterations and a random 16-byte salt, producing a 256-bit AES key. The random salt makes the same password yield a different key on every encryption, defeating rainbow tables. The high iteration count makes brute force expensive.

Encryption uses AES-256 in GCM mode (Galois/Counter Mode), which is authenticated: besides encrypting, it computes an integrity tag. On decryption, if even a single bit of the content or tag was changed, the operation fails instead of returning corrupted data. Each encryption uses a random 12-byte IV (nonce), the recommended size for GCM, so the same key/IV pair is never reused.

The output format is a simple concatenation: salt (16 bytes) + IV (12 bytes) + ciphertext and tag. For text this is Base64-encoded; for files it stays binary in a .aes file. On decryption the tool reads salt and IV from the head of the data, re-derives the key from the password and decrypts. Everything runs on the native browser Web Crypto API: no third-party crypto library, no data transmitted.
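
The format above, and the FAQ's point that any library can decrypt it, as an added example that is not the tool's own code: it writes and reads salt (16) + IV (12) + ciphertext-with-tag using the Web Crypto API, then shows a wrong password and a flipped bit both being rejected. The function names, the UTF-8 text encoding, standard Base64 and the 128-bit tag (the Web Crypto default) are assumptions.

```javascript
// Added example, not the tool's own code. Function names are illustrative.
// Works in browsers and Node.js (global Web Crypto, or node:crypto's webcrypto).
const webCrypto = globalThis.crypto ?? require('node:crypto').webcrypto;
const SALT_LEN = 16, IV_LEN = 12, TAG_LEN = 16; // TAG_LEN: assumed Web Crypto default
const ITERATIONS = 210000;                      // PBKDF2 count stated on this page
const toB64 = (bytes) => btoa(Array.from(bytes, (b) => String.fromCharCode(b)).join(''));
const fromB64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));

async function deriveKey(password, salt) {
  const material = await webCrypto.subtle.importKey(
    'raw', new TextEncoder().encode(password), 'PBKDF2', false, ['deriveKey']);
  return webCrypto.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations: ITERATIONS },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

async function encryptText(plaintext, password) {
  const salt = webCrypto.getRandomValues(new Uint8Array(SALT_LEN)); // fresh per operation
  const iv = webCrypto.getRandomValues(new Uint8Array(IV_LEN));     // fresh per operation
  const key = await deriveKey(password, salt);
  const ct = new Uint8Array(await webCrypto.subtle.encrypt(
    { name: 'AES-GCM', iv }, key, new TextEncoder().encode(plaintext)));
  return toB64(new Uint8Array([...salt, ...iv, ...ct])); // salt || IV || ciphertext+tag
}

async function decryptText(b64, password) {
  const data = fromB64(b64);
  if (data.length < SALT_LEN + IV_LEN + TAG_LEN) throw new Error('input too short');
  const salt = data.slice(0, SALT_LEN);
  const iv = data.slice(SALT_LEN, SALT_LEN + IV_LEN);
  const key = await deriveKey(password, salt);
  // Rejects with OperationError on a wrong password or any modified byte.
  const pt = await webCrypto.subtle.decrypt(
    { name: 'AES-GCM', iv }, key, data.slice(SALT_LEN + IV_LEN));
  return new TextDecoder().decode(pt);
}

async function demo() {
  const password = 'constructed-demo-passphrase'; // constructed sample values
  const blob = await encryptText('constructed sample message', password);
  const raw = fromB64(blob);
  raw[raw.length - 1] ^= 0x01; // flip one bit of the tag
  const rejected = (b, p) => decryptText(b, p).then(() => false, () => true);
  return {
    roundTrip: await decryptText(blob, password),
    length: raw.length, // 16 + 12 + 26 + 16
    tamperRejected: await rejected(toB64(raw), password),
    wrongPasswordRejected: await rejected(blob, 'another-passphrase'),
  };
}
```

The spread-based concatenation is sized for short text; for file-sized buffers, allocate one `Uint8Array` and copy the parts in with `set()`.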

Glossary

Technical terms used on this page, briefly explained.

AES-256
Advanced Encryption Standard with a 256-bit key, the most widely used symmetric cipher. Encryption and decryption use the same key.
GCM (authenticated mode)
Galois/Counter Mode: encrypts and simultaneously produces an authentication tag. It guarantees confidentiality and integrity: tampered data does not decrypt; the operation fails.
PBKDF2
Password-Based Key Derivation Function 2. Turns a password into a cryptographic key by repeatedly applying HMAC-SHA-256 (here 210,000 times) with a salt, to slow down brute-force attacks.
Salt
A random value combined with the password before key derivation. Random on every encryption, it stops identical passwords from producing identical keys and neutralises rainbow tables.
IV / Nonce
Initialization Vector: a random value (12 bytes for GCM) that makes every encryption different from the others, even with the same key and plaintext. It must never repeat under the same key.
Base64
An encoding that represents binary data as ASCII text. Here it carries the encrypted (binary) result as a copy-and-paste friendly string.

AES encryption FAQ

Is my data or password sent to a server?
No. The whole operation happens in the browser through the Web Crypto API. Your text, file and password never leave the device and are never stored or transmitted. You can disconnect from the internet after loading the page and the tool still works.
What happens if I forget the password?
The data is unrecoverable. There is no backdoor and no recovery: that is the point of strong encryption. The key is derived solely from the password via PBKDF2; without the correct password, AES-GCM cannot decrypt and fails. Keep the password in a password manager.
Can I decrypt a file encrypted here somewhere else?
Yes, if you follow the format. The file is the concatenation salt(16) + IV(12) + GCM ciphertext-with-tag, with an AES-256 key derived via PBKDF2-HMAC-SHA-256, 210,000 iterations. With those parameters you can decrypt with any library (Python cryptography, OpenSSL via script, Node crypto). The parameters are documented in the technical section.
Why GCM and not CBC?
GCM is an authenticated mode: it detects tampering with the ciphertext. CBC encrypts but does not authenticate, so an attacker can alter the ciphertext without decryption noticing (you need extra constructions like encrypt-then-MAC). For a general-purpose tool, GCM is the safe default.
How secure is a password versus a random key?
It depends on the password. A long, random passphrase is strong; a short or common password is dictionary-attackable despite PBKDF2. The 210,000 iterations slow down each attempt but do not fix a weak password. For very sensitive data use a passphrase of at least 4-5 random words.
Is there a file size limit?
The practical limit is browser memory: the file is loaded entirely into memory to be encrypted. Files up to a few hundred MB work on modern devices; very large files (GB) can exhaust the tab's RAM. For huge archives a dedicated desktop tool is better.
Does the tool use external crypto libraries?
No. It uses only the native browser Web Crypto API (crypto.subtle), implemented and audited by the browser engine. It uses no third-party JavaScript crypto libraries, which have historically been a source of vulnerabilities when unmaintained.
Can I trust that it really is offline?
You can verify it: open the browser developer tools, Network tab, and run an encryption. You will see no outgoing request carrying your content. Alternatively, load the page, turn off your connection and use the tool: it keeps working because all the computation is local.
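
The "Why GCM and not CBC?" answer above, as an added example that is not the tool's code: the same one-bit change to the stored IV is applied under AES-CBC, AES-GCM, and CBC with encrypt-then-MAC. Keys are random, the message is constructed, and the function names are illustrative.

```javascript
// Added example, not the tool's code. Random keys; the message is constructed.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto; // browser or Node.js
const MSG = 'constructed sample: retention=30d';

// Encrypt MSG, flip one bit of the stored IV, then try to decrypt.
async function flipIvBit(name, ivLen) {
  const key = await wc.subtle.generateKey({ name, length: 256 }, false, ['encrypt', 'decrypt']);
  const iv = wc.getRandomValues(new Uint8Array(ivLen));
  const ct = await wc.subtle.encrypt({ name, iv }, key, new TextEncoder().encode(MSG));
  const badIv = iv.slice();
  badIv[0] ^= 0x01;
  try {
    const pt = await wc.subtle.decrypt({ name, iv: badIv }, key, ct);
    return { accepted: true, text: new TextDecoder().decode(pt) };
  } catch {
    return { accepted: false, text: null };
  }
}

// Encrypt-then-MAC for CBC: HMAC-SHA-256 over IV || ciphertext, verified before decrypting.
async function cbcEncryptThenMac() {
  const encKey = await wc.subtle.generateKey(
    { name: 'AES-CBC', length: 256 }, false, ['encrypt', 'decrypt']);
  const macKey = await wc.subtle.generateKey(
    { name: 'HMAC', hash: 'SHA-256' }, false, ['sign', 'verify']);
  const iv = wc.getRandomValues(new Uint8Array(16));
  const ct = new Uint8Array(await wc.subtle.encrypt(
    { name: 'AES-CBC', iv }, encKey, new TextEncoder().encode(MSG)));
  const framed = new Uint8Array([...iv, ...ct]);
  const mac = await wc.subtle.sign('HMAC', macKey, framed);
  framed[0] ^= 0x01; // same one-bit change as above
  const macValid = await wc.subtle.verify('HMAC', macKey, mac, framed);
  return { accepted: macValid }; // a receiver decrypts only when macValid is true
}

async function compareModes() {
  return {
    cbc: await flipIvBit('AES-CBC', 16),     // decrypts without error, first byte changed
    gcm: await flipIvBit('AES-GCM', 12),     // tag check fails, nothing is returned
    cbcHmac: await cbcEncryptThenMac(),      // MAC check fails before any decryption
  };
}
```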

Who builds these tools?

Maurizio Fonte, senior IT consultant with 20+ years in PHP, Laravel, unmanaged Linux infrastructure, applied cybersecurity and AI/LLM integration. Production backends, legacy code modernization, security audits, custom AI agents and MCP servers: the work behind every tool published here.
