AES Encrypt Decrypt

Auto execute after input(400ms debounce)

Algorithm Mode

Key size

Ciphertext format (encrypt output / decrypt input)

Key Hex （64 chars）

IV Hex （24 chars，Leave empty for auto-generation on encrypt）

Plaintext

UTF-8 text

Ciphertext（Hex）

GCM: ciphertext includes authentication tag · Auto update with input

Please enter the full key

Mode and format notes

• Browser SubtleCrypto only provides GCM, CBC, and CTR for AES—not ECB, CFB, or OFB (to prevent weak usage). For other modes, use OpenSSL or a server-side library.
• Ciphertext format options: Hex / Base64 / Base64URL, aligned with CyberChef, APIs, JWT, etc. Both encrypt and decrypt sides must use the same format.
• Under AES-GCM, output is a continuous byte stream of "ciphertext + authentication tag"; this tool encodes the entire block into the selected format—paste the whole block when decrypting.

Notes

• Web Crypto runs entirely in the browser; GCM is authenticated encryption, suitable for default scenarios.
• On encrypt, leave IV empty and the tool will generate a random IV and fill it above for reuse during decryption.
• On decrypt, leave IV empty to try an all-zero vector (only valid when the other party uses the same convention).

Secure online tool to encrypt and decrypt data with AES (CBC, GCM, CTR, ECB). Supports custom IV, PKCS7 padding, and multiple key sizes. Ideal for API debugging and symmetric encryption testing.

DES Encrypt Decrypt

Video to Base64

JWT Decoder

Password Generator

JSON Compress

SQL Formatter

Use Cases

Debugging frontend-backend AES parameter consistency during API integration
Verifying ciphertext decryption across CBC, GCM, and CTR modes
Converting encrypted data between Base64 and Hex for storage or transmission
Learning symmetric encryption principles, including IV and key length impact

Features

Comprehensive AES Modes: Supports AES-CBC, GCM, CTR, and ECB with 128/192/256-bit keys and custom IV/Nonce.
Flexible Padding & Encoding: Handles PKCS7 and ZeroPadding, with instant Base64/Hex output conversion.
API Debugging Essential: Verify frontend-backend encryption consistency and troubleshoot parameter mismatches.
100% Client-Side Security: All encryption runs locally in your browser. Keys and data never leave your device.

How to Use

1.Select mode (Encrypt/Decrypt) and AES algorithm (CBC, GCM, CTR, etc.)
2.Input plaintext/ciphertext and select format (Text, Base64, or Hex)
3.Enter secret Key and IV, choose padding (PKCS7 recommended)
4.View result instantly and copy output for your code or API

FAQ

What's the difference between AES-CBC, GCM, and CTR modes?

CBC is the most common mode but requires careful IV management. GCM provides both encryption and authentication (integrity check) — highly secure for network transmission. CTR turns a block cipher into a stream cipher for high parallelization and speed. Our tool lets you test all three.

Why is my AES decryption failing?

Decryption failures usually come from three mismatches: 1) Incorrect Key or IV; 2) Mismatched padding (e.g., PKCS7 vs ZeroPadding); 3) Inconsistent character encoding or output format (Base64 vs Hex). Make sure all parameters match exactly.

Is it safe to use this online AES tool for sensitive data?

Yes. GeekFormat's AES tool runs entirely client-side — in your browser. Your keys, IVs, and data are processed locally and never transmitted to any server. Perfect for debugging and testing.

What is an IV and do I need it?

An IV (Initialization Vector) ensures that encrypting the same plaintext produces different ciphertexts. Required for secure modes like CBC and GCM (16 bytes/128 bits). ECB mode doesn't use an IV but is considered less secure.