Cryptographic Tools
What It Does
Encrypts and decrypts data using AES-GCM (Galois/Counter Mode) — the recommended authenticated encryption mode.
How to Use It
- Select “Encrypt” or “Decrypt” mode.
- Enter the plaintext (to encrypt) or ciphertext (to decrypt).
- Enter or generate an encryption key (128, 192, or 256 bits).
- Provide or auto-generate an IV/nonce.
- Click “Encrypt” or “Decrypt”.
Options Explained
| Option | Description |
|---|---|
| Key size | 128, 192, or 256 bits — 256-bit is recommended for maximum security |
| Key encoding | Hex, Base64, or UTF-8 |
| IV / Nonce | Initialization vector — must be unique per encryption (auto-generated or manual) |
| Output encoding | Hex or Base64 for the ciphertext |
| AAD | Additional Authenticated Data — extra data that is authenticated but not encrypted |
About AES-GCM Encryption
AES-GCM (Advanced Encryption Standard – Galois/Counter Mode) is an authenticated encryption with associated data (AEAD) algorithm. It combines the AES block cipher in counter mode for confidentiality with Galois-field multiplication for authentication, producing both a ciphertext and a 128-bit authentication tag in a single pass. This makes it significantly faster and more secure than pairing a separate cipher and MAC.
Every AES-GCM encryption requires a unique nonce (initialization vector), typically 12 bytes (96 bits). Reusing a nonce with the same key is catastrophic — it leaks the XOR of two plaintexts and allows authentication-tag forgery. The associated data (AAD) field lets you authenticate additional unencrypted metadata, such as packet headers, without encrypting it.
AES-GCM is the default cipher suite in TLS 1.3, the recommended algorithm in NIST SP 800-38D, and is natively supported by the Web Crypto API. Key sizes of 128, 192, and 256 bits are defined; 256-bit keys are preferred for maximum security.
Common Use Cases
- Encrypting data at rest in cloud storage and database fields
- Securing HTTPS traffic via TLS 1.2 and TLS 1.3 cipher suites
- Protecting JSON Web Encryption (JWE) payloads in API tokens
- Encrypting files and disk volumes with authenticated integrity
- Securing VPN tunnels (IPsec ESP with AES-GCM transform)
- End-to-end encrypted messaging in chat and email applications
What Is AES-GCM?
AES-GCM (Galois/Counter Mode) is an authenticated encryption with associated data (AEAD) scheme that combines AES in counter mode (CTR) for confidentiality with a Galois-field MAC for integrity and authenticity — all in a single, efficient pass over the data. It produces both ciphertext and an authentication tag; any modification to the ciphertext or associated data is detected during decryption. AES-GCM is the gold standard for modern symmetric encryption, mandated by TLS 1.3, recommended by NIST, and used in protocols like IPsec, SSH, and JSON Web Encryption (JWE). It requires a 96-bit (12-byte) nonce that must never be reused with the same key.
Frequently Asked Questions
What is the authentication tag?
The tag is a short value (typically 128 bits) appended to the ciphertext. During decryption, the tag is recalculated and compared; if it does not match, the data has been tampered with and decryption fails. This is what makes GCM an “authenticated” mode.
What happens if I reuse a nonce?
Nonce reuse with the same key is catastrophic for AES-GCM — it compromises both confidentiality and authentication. Always generate a fresh random 12-byte nonce for every encryption operation.
What is Additional Authenticated Data (AAD)?
AAD is optional plaintext data (such as a header or metadata) that is integrity-protected by the authentication tag but not encrypted. This lets you bind context to the ciphertext without hiding it.
Is my data sent to a server?
No. All encryption and decryption runs locally in your browser using the Web Crypto API. No keys or plaintext leave your device.
All encryption and decryption operations run entirely in your browser using the Web Crypto API. No keys or plaintext data are sent to any server.