AES-256 Encryption & Decryption Tool
Encrypt and decrypt messages using military-grade AES-256-GCM encryption. Uses PBKDF2 key derivation with 100,000 iterations for maximum security. Runs entirely in your browser via the Web Crypto API — we never see your data or passphrase.
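Encryption and decryption run entirely in your browser. Your passphrase, plaintext, and ciphertext NEVER leave your device, so we cannot read, store, or recover your data. This is a property of the design rather than a promise: the tool makes no network requests during encryption, which you can confirm in your browser's developer tools.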
Key Facts
- Algorithm: AES-256-GCM (Galois/Counter Mode) — provides both confidentiality and integrity in a single operation
- Key Derivation: PBKDF2 with 100,000 iterations of SHA-256, using a random 16-byte salt per encryption
- Authentication: GCM mode detects any tampering with the ciphertext. Wrong passphrase or modified data is rejected
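- Output Format: Base64 string containing salt (16 bytes) + IV (12 bytes) + ciphertext — safe to copy, paste, and share. With the Web Crypto API, the GCM authentication tag is appended to the ciphertext, so it travels inside the same string
- Security Level: 256-bit key space means 2^256 possible keys — brute-forcing the key itself would take longer than the age of the universe. Because the key is derived from your passphrase, the practical strength is that of the passphrase, so choose a long, unpredictable one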
- Privacy: Web Crypto API processes everything in browser memory. Zero network requests during encryption
How AES-256-GCM Encryption Works
- Step 1 — Salt Generation: A cryptographically random 16-byte salt is generated using crypto.getRandomValues(). This ensures the same passphrase produces different keys each time
- Step 2 — Key Derivation: Your passphrase is processed through PBKDF2 with the salt and 100,000 iterations of SHA-256, producing a 256-bit AES key. The high iteration count makes brute-force attacks extremely slow
- Step 3 — IV Generation: A random 12-byte initialization vector (IV) ensures that encrypting the same message with the same key produces different ciphertext each time
- Step 4 — AES-GCM Encryption: The message is encrypted using AES-256 in Galois/Counter Mode, which simultaneously encrypts and creates an authentication tag
- Step 5 — Output Packaging: Salt + IV + ciphertext are concatenated and Base64-encoded into a single shareable string
Encryption vs Hashing vs Encoding
- Encryption (AES-256): Two-way. Data can be encrypted and decrypted with the correct key. Used for protecting confidential messages and files
- Hashing (SHA-256): One-way. Data is transformed into a fixed-length fingerprint that cannot be reversed. Used for verifying integrity and storing passwords. See our SHA-256 Hash Generator
- Encoding (Base64): Two-way but provides zero security. Data is transformed for safe transport through text channels. Anyone can decode it. See our Base64 Encoder/Decoder
Frequently Asked Questions
What is AES-256-GCM encryption?
AES-256-GCM is an authenticated encryption standard that uses a 256-bit key with Galois/Counter Mode. It provides both confidentiality (nobody can read the data) and integrity (any tampering is automatically detected). It is approved by NIST and used by the US government, military, financial institutions, and in SSL/TLS connections worldwide.
Can you decrypt my messages?
No. Encryption and decryption happen entirely in your browser using the Web Crypto API. We never see your passphrase, plaintext, or ciphertext. Without your passphrase, the encrypted data is computationally infeasible to recover — even by us.
What happens if I forget my passphrase?
The data cannot be recovered. AES-256 encryption is designed so that without the correct passphrase, decryption is computationally infeasible. Even with all the computing power on Earth, it would take longer than the age of the universe to brute-force a 256-bit key.
Why does the same message produce different ciphertext each time?
Each encryption generates a unique random salt and initialization vector (IV). This ensures that encrypting the same message with the same passphrase always produces different output, preventing pattern analysis attacks.
Is AES-256 still considered secure in 2025?
Yes. AES-256 remains the gold standard for symmetric encryption. No practical attack against AES-256 has ever been demonstrated. It is approved for US government TOP SECRET classification. Even theoretical quantum computing attacks (Grover's algorithm) would only reduce effective security to 128 bits — still far beyond any feasible attack.