What key derivation options are available?

The tool supports PBKDF2 and EvpKDF, with selectable hash functions such as MD5, SHA1, SHA224, SHA256, SHA384, and SHA512.

Is this tool intended for production use?

The page is primarily intended for educational and testing purposes. Sensitive production use should rely on audited security implementations and proper key management.

Encryption/Decryption

Q: Does encryption support UTF-8 output?

No. This tool does not support UTF-8 output for encryption. Use HEX or Base64 for encrypted output.

Encrypt or decrypt your text using AES with customizable settings for encoding, key size, mode, padding, key derivation, hash, salt, and iterations.

AES encrypt and decrypt UTF-8, HEX, Base64 PBKDF2 and EvpKDF CBC, CFB, CTR, OFB, ECB

Input Text

Output Text

Encryption/Decryption Results

Input Text

Output Text

Input Encoding

Output Encoding

Key Size

Mode

Padding

Key Type

Hash

These results are for reference only and were developed for educational and testing purposes. You can also directly access and review the source code, including the logic and free APIs used on this page.

Explore the guide

Custom encodings Flexible AES modes Passphrase derivation Browser based testing

How to Use the AES Encryption/Decryption Tool

1. Enter input text

Type or paste the text you wish to encrypt or decrypt in the input textarea. This can be a message, code, or any data you want to test.

2. Select the input encoding

Choose UTF-8, HEX, or Base64 based on your source value. The selected format must match the actual input to avoid errors.

3. Configure AES settings

Use the AES panel to set output encoding, key size, AES mode, padding, key derivation type, hash function, and optional passphrase, salt, and iteration values.

4. Encrypt or decrypt

Press Encrypt to create ciphertext or Decrypt to recover plaintext from HEX or Base64 input. The result panel updates automatically.

5. Review the result

The output text and the selected configuration appear in the result box so you can verify exactly how the tool was used.

6. Adjust HEX output case

If the output encoding is HEX, you can switch the output to upper case or lower case with one click.

Detailed guide▶

This section explains how the AES tool works, what each option changes, and which settings are usually safer for testing and learning. It is supported on both desktop and mobile.

How to use the AES Encryption/Decryption tool

Follow these steps to encrypt or decrypt text using the AES tool:

Enter Input Text: Type or paste the text you wish to encrypt or decrypt in the input area. This could be a message, code, or any data you want to secure.
Select Input Encoding: Choose UTF-8, HEX, or Base64 so the tool can parse the source value correctly.
Configure Cryptographic Settings:
- Output Encoding: Choose UTF-8, HEX, or Base64. Encryption does not support UTF-8 output.
- Key Size: Choose 128, 192, or 256 bits.
- Mode: Choose CBC, CFB, CTR, OFB, or ECB.
- Padding: Choose Pkcs7 or Iso97971.
- Key Type: Choose PBKDF2 or EvpKDF.
- Hash: Choose MD5, SHA1, SHA224, SHA256, SHA384, or SHA512.
- Optional inputs: Add passphrase, salt, or iteration count if needed.
Encrypt or Decrypt: Press Encrypt to generate ciphertext or Decrypt to recover plaintext from HEX or Base64 input.
Review Results: The output text and selected settings appear in the result box, and the copy icon can copy the full result block.
Case Conversion: If the output encoding is HEX, use the case buttons to normalize the result.

A practical starting point for testing is UTF-8 input, HEX output, AES-128, CBC, Pkcs7, PBKDF2, and SHA256.

Understanding AES encryption

AES is a symmetric encryption algorithm standardized by the U.S. National Institute of Standards and Technology in 2001. It is widely regarded as one of the most secure and efficient encryption methods available.

Block size and key lengths

Fixed Block Size: AES operates on 128-bit blocks.
Variable Key Lengths: AES supports 128-bit, 192-bit, and 256-bit keys.

Operation modes

CBC: Each block depends on the previous ciphertext block and uses an IV.
CFB: A stream-like mode suitable for flowing data.
CTR: Uses counters and supports parallel processing.
OFB: Produces a keystream independent of the plaintext.
ECB: Encrypts each block independently and may expose patterns.

Padding schemes

Pkcs7: The most common padding style for AES blocks.
Iso97971: An alternative padding method that some tools support.

Key derivation

PBKDF2: Uses repeated hashing to derive stronger keys from a passphrase.
EvpKDF: An OpenSSL compatible key derivation option.
Hash choice: SHA256 or higher is usually safer for modern testing scenarios.

Initialization vector

An IV is used in modes like CBC, CFB, CTR, and OFB to make ciphertext more unique.
This page generates a random IV for encryption and prepends it to the ciphertext for decryption.

Security considerations

AES is strong, but security depends heavily on how you configure and use it.

Passphrase strength

Use a strong, unique passphrase with mixed characters.
Avoid weak phrases such as password123.

Salt usage

Salt helps prevent precomputed lookup attacks.
Use unique salts and store them safely if decryption must be reproduced later.

Mode selection

Avoid ECB for sensitive repeated data.
Prefer CBC, CTR, CFB, or OFB for more realistic testing.

Encoding compatibility

Encryption does not support UTF-8 output.
Decryption expects HEX or Base64 input.
HEX input should contain valid characters and even-length bytes.

Operational caution

This page runs in the browser and is intended for learning and testing.
Production systems should use audited libraries, secure storage, and strong key management.

Comparing CBC and CTR on the same plaintext is a useful way to understand how mode choice changes output structure.

Applications of AES

AES is used widely across modern software and network systems.

Data protection

Disk encryption tools and protected archives commonly rely on AES.
File level encryption often uses AES to protect private documents.

Network security

HTTPS connections frequently rely on AES based ciphersuites.
Wireless security protocols such as WPA2 and WPA3 use AES.
VPN products use AES to secure remote traffic.

Financial systems

Online banking, mobile payment systems, and many wallet products use AES.
Private key related data is often wrapped or protected with AES derived keys.

Cloud and embedded systems

Cloud storage platforms encrypt data at rest with AES based systems.
IoT devices, vehicles, and connected medical products frequently use AES for data protection.

History of AES

AES replaced the aging DES standard, whose 56-bit key length became too weak. In 1997, NIST launched a competition to select a stronger standard. Belgian cryptographers Joan Daemen and Vincent Rijmen submitted the Rijndael algorithm, which was selected in 2000 and standardized as AES in 2001.

Key milestones

1997: NIST announces the search for a new standard.
1998 to 2000: Multiple candidate algorithms are evaluated.
2001: AES becomes an official standard.
After 2001: AES becomes a core part of modern security systems.

Why Rijndael was chosen

Security: Strong resistance to known attacks.
Efficiency: Good performance in software and hardware.
Flexibility: Support for multiple key lengths.

Advanced configuration tips

For users who want more control, these choices matter most:

Choosing key sizes

AES-128: Fast and strong for most general use.
AES-192: A middle ground with more overhead.
AES-256: Stronger but often slower in constrained environments.

Optimizing modes

Use CTR when you want high speed or parallel behavior.
Use CBC when you want a familiar, block-oriented mode with IV support.
Avoid ECB for anything pattern-sensitive.

Key derivation practices

PBKDF2 with SHA256 or higher is usually a better teaching default.
Higher iterations increase work factor but can slow processing.
Do not reuse salts carelessly across unrelated encryption tasks.

Validation

Test small samples first.
Compare outputs with trusted tools when accuracy matters.
Record settings carefully because mode, padding, and encoding must match during decryption.

Limitations and caveats

Client-Side Processing: Everything runs in the browser.
Passphrase Dependency: Weak passphrases reduce security dramatically.
No Key Management: This page does not store or manage secret material for you.
Browser Dependency: The page assumes a modern browser with JavaScript enabled.
Settings Must Match: Wrong encoding, mode, or padding will cause decryption failures.

Final tips

Start with simple defaults such as AES-128, CBC, Pkcs7, and SHA256.
Use strong passphrases and unique salts if you want more realistic tests.
Validate important outputs against a trusted cryptography library.
Use this page for education, experimentation, and quick verification.
Use professional guidance and audited implementations for real production security work.

Results are for educational and testing purposes only. Actual outputs may vary based on input accuracy, settings, or implementation details.

FAQs

Does encryption support UTF-8 output?▶

No. Encryption in this tool does not support UTF-8 output. Use HEX or Base64 for encrypted output.

Does decryption support UTF-8 input?▶

No. Decryption expects encrypted input in HEX or Base64 format.

What happens if I choose HEX output?▶

You can use the upper case and lower case buttons to normalize the HEX output after encryption or decryption.

Is this page suitable for sensitive production data?▶

This page is intended for educational and testing purposes. Sensitive production workloads should use audited libraries, strong key management, and secure operational controls.