Advertisements

headerup to 320x100 / 728x90

AES Encrypt / Decrypt

Encrypt plaintext with AES and a passphrase, or decrypt CryptoJS-formatted ciphertext back to readable text, entirely in your browser.

Mode:
Passphrase:
Input
Loading editor...
Output

Output will appear here...

Advertisements

content bottomup to 300x250

What is AES Encrypt / Decrypt

Last reviewed:

AES Encrypt / Decrypt lets you encrypt any plaintext with a passphrase using AES-256-CBC (CryptoJS format) or reverse the process on ciphertext produced in the same format.

Because all cryptography runs in the browser, it is safe to use for quick note-taking, sharing short secrets over untrusted channels, and prototyping client-side encryption without spinning up a backend.

Why use it

  • Encrypt quick notes and secrets before sending them over chat.
  • Decrypt CryptoJS-formatted ciphertext received from a peer.
  • Prototype client-side encryption flows without running a server.
  • Test browser-based AES integrations with a known good reference.
  • Avoid exposing sensitive data to third-party encryption services.

Features

  • AES-256-CBC encrypt and decrypt modes
  • CryptoJS-compatible salted output
  • Client-side encryption with no server round trip
  • Works in any modern browser
  • Instant mode switch between encrypt and decrypt

How to use AES Encrypt / Decrypt

  1. Pick a mode. Choose Encrypt or Decrypt from the mode selector at the top of the tool.
  2. Enter a passphrase. Type or paste a strong passphrase into the Passphrase field.
  3. Provide input. Paste plaintext to encrypt, or CryptoJS ciphertext (starts with U2FsdGVkX1) to decrypt.
  4. Copy the result. The output panel shows the ciphertext or plaintext ready for copying.

Example (before/after)

Plaintext + passphrase

plaintext: hello devfox
passphrase: my-passphrase

AES ciphertext

U2FsdGVkX1+Bd5m4nJbo7P1zYX2BOAUf9QpXz7e7VlI=

Common errors

Wrong passphrase on decrypt

The output will be empty or an error message if the passphrase does not match the one used to encrypt.

Fix: Verify the passphrase is identical, including case, trailing whitespace, and encoding.

Passing non-CryptoJS ciphertext

This tool consumes CryptoJS's default OpenSSL-style salted format (U2FsdGVkX1…).

Fix: Re-encrypt the plaintext with the same format or use a matching library for decryption.

Using AES as authentication

CBC mode does not authenticate ciphertext, so tampering is not detected.

Fix: For authenticated encryption, use AES-GCM with a library that exposes it, or add an HMAC.

FAQ

What cipher and mode are used?

AES with the CryptoJS default of AES-256-CBC and OpenSSL-style salted output beginning with `U2FsdGVkX1`.

Is the output authenticated?

No. CBC without HMAC does not detect tampering. Use GCM or add an HMAC for authenticated encryption.

Does my data leave the browser?

No. All encryption and decryption runs client-side.

Can I decrypt output from OpenSSL?

Yes, if it was encrypted with `openssl enc -aes-256-cbc -a -salt` using the same passphrase.

What is a good passphrase?

Use a long, high-entropy passphrase or a randomly generated key — longer is better.

Is this suitable for regulated data?

It is intended for quick prototyping and casual secrecy. For regulated data, use authenticated schemes with key management.

Related tools

Combine AES encrypt/decrypt with hashing and HMAC tools for complete crypto workflows. You can also browse the full Cryptography & Hashing category for more options.

SHA256 Hash

Generate SHA-256 cryptographic hash

SHA512 Hash

Generate SHA-512 cryptographic hash

Password Generator

Generate strong passwords with adjustable length and character types. Includes a real-time strength meter and copy button for quick password creation.

Text Checksum Generator

Generate MD5, SHA-1, SHA-256, SHA-384, SHA-512, or SHA3 checksums from pasted text, perfect for quick integrity checks and deduplication.

Base64 Encoder/Decoder

Encode or decode Base64 strings

SHA-512/256 Hash Generator

Generate a SHA-512/256 truncated digest used where 256-bit SHA-2 output is needed with SHA-512 internals.

SHA3-256 Hash Generator

Generate a SHA3-256 hash from any text string to match Ethereum, Keccak-family, and NIST FIPS 202 checksums.

SHAKE-256 Hash Generator

Generate an extendable-output (XOF) SHAKE-256 hash from any text, with a configurable digest length for custom use-cases.

NTLM Hash

Generate NTLM password hash

WordPress Hash Simulation

Generate a phpass-style WordPress hash simulation for demos

CRC16 Hash

Generate CRC-16 checksum

CRC32 Hash

Generate CRC-32 checksum