AES Encrypt / Decrypt
Encrypt and decrypt text using AES-256-GCM with PBKDF2 key derivation. Everything happens in your browser via the Web Crypto API.
Uses AES-256-GCM with PBKDF2 key derivation (100,000 iterations, SHA-256). Output is Base64-encoded ciphertext including salt and IV.
What is AES-256-GCM?
AES (Advanced Encryption Standard) is the NIST-standardized symmetric cipher used in TLS, disk encryption, and most modern protocols. AES-256 uses a 256-bit key. GCM (Galois/Counter Mode) is an authenticated encryption mode — it encrypts and produces a built-in authentication tag, so any tampering with the ciphertext is detected on decryption.
Why GCM beats CBC
Older code often uses AES-CBC, which only provides confidentiality — you need a separate HMAC for integrity, and getting that combination right is famously error-prone (padding oracle attacks, encrypt-then-MAC ordering). GCM bakes integrity into the cipher, eliminates padding entirely, and is faster on modern CPUs with AES-NI. For new code, prefer GCM (or ChaCha20-Poly1305).
What PBKDF2 does
A password is not a key. PBKDF2 (Password-Based Key Derivation Function 2) stretches a password into a fixed-size key by hashing it together with a random salt many times — here, 100,000 SHA-256 iterations. The salt prevents precomputed rainbow tables; the iteration count slows down brute-force guessing. For new applications consider Argon2 or scrypt instead, which are more resistant to GPU and ASIC attacks.
When to use symmetric encryption
Symmetric encryption is the right tool when the same party (or parties sharing a secret) both encrypts and decrypts: encrypting files at rest, sealing data before storing it in an untrusted location, or protecting a backup with a password. For sending data to someone who can't share a secret in advance, use public-key encryption or a key-exchange protocol.