AES-GCM Encrypt / Decrypt Tool

Encrypt a piece of text with a password, get an unreadable ciphertext you can safely share. Decrypt requires the same password. Uses AES-256-GCM (the modern authenticated-encryption mode) with PBKDF2 for key derivation (210,000 iterations, OWASP 2023 recommendation). All in your browser via WebCrypto — your data and password never leave your machine.

How to use the AES-GCM Encrypt / Decrypt Tool

Pick encrypt or decrypt. Type a password — strong is better; this becomes the encryption key. Paste plaintext (or ciphertext for decrypt) and click Run. Output is base64-encoded for safe sharing.

About AES-GCM Encrypt / Decrypt Tool

AES-256-GCM is the gold-standard symmetric encryption today: AES with a 256-bit key, GCM (Galois/Counter Mode) for authenticated encryption that detects tampering. Used by TLS 1.3, SSH, OpenSSH, age, modern PGP.

This tool uses PBKDF2-SHA256 with 210,000 iterations (OWASP 2023 recommendation) to derive the AES key from your password. The salt is random per encryption (prepended to the ciphertext). The IV is also random (12 bytes per GCM). The output format is base64-encoded: salt(16) || iv(12) || ciphertext || tag(16).

Security caveats: this tool gives you a low-friction way to encrypt small bits of data with a password. It does NOT replace proper key management for production (use KMS / Vault / age). It does NOT protect against keylogging or browser compromise. For sensitive data at rest, consider age.

Common use cases

• Securely share secrets — encrypt before pasting into a chat / email; recipient decrypts with the password.
• Local notes encryption — encrypt sensitive notes before copying into a synced doc.
• Educational — see authenticated encryption in action.