AES Text Encryption (AES-GCM + PBKDF2)

What is AES Text Encryption (AES-GCM + PBKDF2)?

A free, browser-based AES text encryptor and decryptor. It uses AES-256 in GCM mode (authenticated encryption) with a key derived from your passphrase via PBKDF2-SHA-256, using a fresh random salt and 150,000 iterations every time you encrypt. The encrypted output is a single Base64 string that bundles the salt, the initialization vector (IV) and the ciphertext, so you can paste it anywhere and decrypt it later with the same passphrase. People use it to protect notes, API keys, recovery phrases and short messages before storing or sharing them, without trusting a server. Switch between Encrypt and Decrypt with the toggle, type your text and passphrase, and copy the result.

How to use AES Text Encryption (AES-GCM + PBKDF2)

1. Pick Encrypt or Decrypt with the toggle at the top.
2. In Encrypt mode, type or paste the plain text you want to protect; in Decrypt mode, paste the Base64 string you got earlier.
3. Enter the passphrase. For decryption it must match the exact passphrase used to encrypt.
4. The result appears automatically below as you type — a Base64 ciphertext when encrypting, or the recovered plain text when decrypting.
5. Click the copy button to copy the output, then store or share it.
6. To read an encrypted string later, switch to Decrypt, paste it, and enter the same passphrase.

Examples

meet me at 8pm

k3Jp…Qz== (Base64 of salt + IV + AES-GCM ciphertext)

Frequently asked questions

What encryption does this use?

AES-256 in GCM mode (authenticated encryption). The key is derived from your passphrase with PBKDF2-SHA-256 using a random 16-byte salt and 150,000 iterations. A random 12-byte IV is used per encryption, and the salt and IV are stored with the ciphertext.

Why do I get a decryption error?

Decryption fails when the passphrase is wrong or the Base64 input is incomplete or corrupted. AES-GCM verifies integrity, so it refuses to return tampered or mismatched data rather than producing garbage. Re-check the passphrase and that you pasted the full string.

Is my passphrase or text sent anywhere?

No. All encryption and decryption run locally in your browser using the built-in Web Crypto API. Your text and passphrase never leave your device and are never uploaded to any server.

Is the passphrase saved if I use it in the workspace?

No. The passphrase field is a password input and is deliberately excluded from workspace state capture, so it is never stored, shared in links or written to exported files. You must re-enter it each session.

Can I lose access to my data?

Yes — if you forget the passphrase there is no recovery and no backdoor. The passphrase is the only key. Choose a strong one you can remember, and keep the full Base64 output intact.