+ Add

AES Encryption and Decryption Online

Online AES encryption/decryption tool with ECB, CBC, CTR, and GCM modes. Supports 128, 192, and 256-bit keys. Built for secure, real-world use.

Advanced Encryption Standard (AES) is a fast and secure symmetric encryption algorithm widely used to protect sensitive data. It supports 128-bit, 192-bit, and 256-bit keys and is used in databases, file encryption, APIs, and secure communications. This tool supports multiple cipher modes — ECB, CBC, CTR, and GCM — with AES-GCM being the recommended choice as it provides both encryption and integrity. Learn more in this Java AES implementation guide.

Symmetric Cipher
Same key for both encryption and decryption — fast for bulk data
4 Cipher Modes
ECB, CBC, CTR & GCM — AES-GCM recommended for authenticated encryption
128 / 192 / 256-bit Keys
Flexible key sizes to match your security and performance needs

AES Encryption

⚠️ Plain-text secret keys are weak. Choose Hex/Base64 or PBKDF2-derived keys for stronger security.

AES Decryption

Common AES Encryption & Decryption Errors (and Fixes)

Wrong AES Mode Selected Using insecure or incorrect AES modes is the most common cause of weak encryption. AES-ECB leaks patterns and should never be used for real data — identical plaintext blocks produce identical ciphertext, revealing structure.

Fix: Use AES-GCM for authenticated encryption, or AES-CBC with a secure MAC if GCM is unavailable.

Invalid IV Length AES requires a 16-byte (128-bit) IV for block modes like CBC. Using an incorrect IV size causes decryption failures or weak encryption.

Fix: Always generate a random 16-byte IV for each encryption. Use the Generate button in the tool above.

Authentication Tag Verification Failed (AES-GCM) This error occurs when ciphertext or associated data is modified, or when the wrong key or IV is used during decryption.

Fix: Ensure the same key, IV, and associated data are used for both encryption and decryption.

Padding Errors (PKCS5Padding) Padding errors happen when decrypting data with mismatched padding or corrupted ciphertext.

Fix: Ensure the same padding scheme is used on both sides. Switch to AES-GCM to avoid padding-based modes entirely.

Secret Key Format

  • Secret Key must be provided in one of these formats: Hex / Base64 / Plain Text.
  • Key length must match the selected key size:
    • 128-bit → 16 bytes (e.g. 32 hex characters)
    • 192-bit → 24 bytes
    • 256-bit → 32 bytes
  • Example: 32 hex chars = 16 bytes (AES-128)

Using a plain-text password directly as an encryption key is not recommended. Human-readable passwords usually have low entropy and are vulnerable to brute-force and dictionary attacks.

For stronger security, derive a key from your password using PBKDF2 — this generates a cryptographically strong 32-byte key using salting and multiple iterations. Use the PBKDF2 Hashing Online Tool to generate one.

IV Format & Security Concerns

  • IV can be Hex / Base64 / Plain Text.
  • IV must be exactly 16 bytes (128-bit):
    • 32 hex characters
    • or a Base64 string that decodes to 16 bytes
    • or 16 plain text bytes
  • IV is optional in this tool for convenience, but using a random IV is strongly recommended.
  • If IV is missing, many libraries default to 00000000000000000000000000000000 — making encryption deterministic and able to reveal patterns.
  • Without a random IV, identical plaintext encrypted with the same key produces identical ciphertext — this leaks information and weakens security.
  • Best practice: always use a random IV for CBC/CFB/GCM modes and never reuse an IV with the same key.

You can analyze insecure AES usage using our Crypto Safety Validator.

Secure Usage Guidelines for AES

  • Prefer AES-GCM for modern applications — it provides encryption and authentication in one operation
  • Never use AES-ECB for real data — it reveals patterns in identical plaintext blocks
  • Always use a random, unique IV for every encryption operation
  • Never reuse encryption keys or IVs across different systems or purposes
  • Use AES only for data encryption — not for password storage; use bcrypt, scrypt, or Argon2 instead

Security note: AES-GCM provides confidentiality and integrity in one pass. CBC and CTR modes require additional authentication (MAC) to prevent tampering.

MAC Generators: HMAC Generator · Poly1305 Generator

Key Features of AES Encryption

Symmetric Key Algorithm The same secret key is used for both encryption and decryption — making AES fast and efficient for bulk data.
Block Cipher AES operates on fixed-size blocks of 128 bits. Data is divided into 16-byte chunks before encryption.
Flexible Key Sizes Supports 128-bit, 192-bit, and 256-bit encryption. AES-256 is trusted by governments and enterprises for high-security data.
Industry Standard Widely used in databases, file encryption, APIs, TLS/SSL, and cloud security worldwide.

AES Encryption Concepts

To encrypt data, enter the plain text or password and choose an appropriate AES mode of operation. Each mode offers different security and performance characteristics.

Supported AES Modes of Operation

Mode IV Required Padding Authentication Status
ECB No PKCS5 No Not Recommended
CBC Yes (16 bytes) PKCS5 No (add MAC) Acceptable
CTR Yes (16 bytes) None No (add MAC) Good
GCM Yes (16 bytes) None Yes (built-in) Recommended

ECB (Electronic Codebook) does not use an IV and produces identical ciphertext for identical plaintext blocks, making it insecure for real-world usage. CBC (Cipher Block Chaining) uses an Initialization Vector (IV) to randomize output — more secure than ECB but does not provide authentication. CTR (Counter Mode) turns AES into a stream cipher and allows parallel processing, making it suitable for high-performance systems. GCM (Galois/Counter Mode) provides authenticated encryption, ensuring confidentiality and integrity — the recommended mode for modern applications and APIs.

Padding

Block-based modes like ECB and CBC require padding such as PKCS5Padding to align data to the 16-byte AES block size. Streaming modes like AES-GCM do not require padding.

AES Key Size and IV

AES always uses a 128-bit block size. When an IV is required, it must be 16 bytes (128 bits) long. Secret key sizes must be 16, 24, or 32 bytes for AES-128, AES-192, and AES-256 respectively.

Encrypted output is Base64 encoded by default, with an option to export ciphertext in HEX format.

AES vs RSA vs DES

AES is a symmetric encryption algorithm designed for speed and efficiency. RSA is an asymmetric algorithm mainly used for secure key exchange and digital signatures, while DES is an outdated symmetric cipher and is no longer considered secure.

Feature AES RSA DES
Encryption Type Symmetric Asymmetric Symmetric
Performance Very fast Slow Fast but insecure
Key Size 128 / 192 / 256 bits 2048+ bits 56 bits
Security Status Highly secure Secure Broken / deprecated
Typical Usage Encrypting data Key exchange Legacy systems

In practice, AES is often used together with RSA encryption, where RSA secures the AES secret key and AES encrypts the actual data.

When NOT to Use AES

  • Password Storage: AES is reversible encryption and should never be used to store passwords. Use bcrypt, scrypt, or Argon2 instead.
  • Unauthenticated Encryption: Using ECB or CBC without integrity protection can allow data tampering. Prefer AES-GCM or MAC-based solutions like Poly1305.
  • Poor Key Management: Hardcoded keys, reused IVs, or weak randomness can compromise AES security entirely.
  • Public-Key Requirements: AES is not suitable for digital signatures or secure key exchange. Use RSA or elliptic-curve cryptography for these use cases.

Applications of AES Encryption

  • Data Protection: Encrypting sensitive files and database fields.
  • Secure Communication: HTTPS, SSL/TLS, and API payload encryption.
  • Authenticated Encryption: Used with MACs such as Poly1305 to ensure integrity.

Related Encryption Tools

RSA Encryption / Decryption PGP Message Encryption PGP File Encryption Crypto Safety Validator Bcrypt Hash Generator Text Encryption / Decryption

Frequently Asked Questions (FAQ)

Yes. AES is considered highly secure when used with strong keys and modern modes like AES-GCM. AES-256 is widely trusted by governments and enterprises.
No. Passwords should be hashed using slow, memory-hard algorithms such as bcrypt, scrypt, or Argon2 instead of reversible encryption.
AES-GCM is the recommended choice as it provides encryption and authentication in a single, efficient operation.
There are no practical attacks against properly implemented AES. Most vulnerabilities arise from incorrect usage, weak keys, or poor key management.
AES-128 uses a 128-bit key (16 bytes) and performs 10 rounds of encryption. AES-256 uses a 256-bit key (32 bytes) and performs 14 rounds — providing a larger security margin at a small performance cost. Both are considered secure; AES-256 is preferred for high-security and long-lived data.
Yes. AES-GCM requires a nonce (IV) — typically 12 bytes (96 bits) for optimal performance, though this tool uses 16 bytes to stay consistent with other modes. The IV must be unique for every encryption with the same key. Reusing a nonce in GCM mode completely breaks its authentication guarantee.

Support This Free Tool!

I build these tools to give you fast, secure, privacy-friendly utilities—free and signup-free.

Buying me a coffee helps keep the project running and supports new features.

cards
Powered by paypal

Thank you for helping this tool thrive!

References

Tools Used Together