Skip to main content
DevBench
Back to DevAll tools
🔐

AES-256-GCM Encryptor

DevOffline-ready

AES Encrypt encrypts and decrypts text using AES-256-GCM — the same algorithm used by TLS 1.3 and Signal — entirely in your browser via the Web Crypto API. Enter your plaintext and a password, and the tool derives a 256-bit key using PBKDF2 with 310,000 iterations and a random salt. GCM mode provides authenticated encryption, so any tampering with the ciphertext is detected on decryption. Nothing is ever sent to a server.

Related: HashPassBase64 Encode

AES-256-GCM · PBKDF2 · client-side only

Password generator

Load from file — JSON, TXT, or any text file

For Encrypt: load a JSON or text file — its content becomes the plaintext.
For Decrypt: load a file containing the Base64 ciphertext (or a JSON object with a ciphertext field).

How to use the AES Encrypt / Decrypt tool

  1. Select Encrypt, type or paste the plaintext you want to protect.
  2. Enter a strong password — the longer and more random, the better. The tool derives a 256-bit key using PBKDF2.
  3. Click Encrypt — copy the Base64 ciphertext output and store or transmit it safely.
  4. To decrypt, select the Decrypt tab, paste the ciphertext, enter the same password, and click Decrypt.
  5. Keep your password separate from the ciphertext — anyone with both can decrypt your data.

AES-256-GCM encryption — how it works

This tool encrypts and decrypts text using AES-256-GCM — the same algorithm used by TLS 1.3, Signal, and most modern security systems. A 256-bit key is derived from your password using PBKDF2 with 310,000 iterations and a random salt. GCM (Galois/Counter Mode) provides both confidentiality and authenticated integrity — any tampering with the ciphertext is detected on decryption. Everything runs in your browser via the Web Crypto API; your data and password never leave your device.

Also useful: Hash Generator, Password Generator.