About The AES GCM Encrypt Decrypt

AES GCM Encrypt Decrypt encrypts text to Base64 ciphertext or decrypts Base64 ciphertext back to text using AES-GCM. It uses a passphrase-derived key and a 12-byte IV for short local testing workflows.

The cryptographic operation runs locally in your browser with Web Crypto when available. Use it for experiments and fixtures, not as a replacement for audited production key management.

How to Encrypt or Decrypt AES-GCM Online

1. Choose encrypt or decrypt mode.
2. Enter the passphrase and input text.
3. For decryption, paste the matching Base64 IV generated during encryption.
4. Run AES-GCM and copy the ciphertext, IV, or plaintext result.

Choosing Options Correctly

Mode:
Use encrypt for plaintext. Use decrypt only when the input is Base64 ciphertext and the IV is the exact Base64 IV from encryption.

IV:
AES-GCM requires a unique IV for each encryption. This tool generates one for encrypt mode and requires it for decrypt mode.

Common Use Cases

• Testing how an app handles AES-GCM ciphertext and IV fields.
• Creating short encrypted fixtures for local development.
• Learning why passphrase, ciphertext, and IV must match exactly.

Quick FAQ

Why did decryption fail?
AES-GCM rejects output if the key, IV, ciphertext, tag, or additional authenticated data does not match exactly.

Can I reuse an IV?
No. Reusing an IV with the same key in AES-GCM can break security. Use a fresh random IV for each encryption.

Is this suitable for production secrets?
Use it for learning, testing, or local checks. Production encryption should use reviewed application code and key management.

What should I save with the ciphertext?
You need the IV, authentication tag, algorithm settings, and any salt or KDF parameters needed to recreate the key.