AES Decryption Online Tool (Text & File)

Decrypt AES-encrypted text or files with the correct key, IV, key size, and cipher mode right in the browser.

Setup
Configure AES mode, key material, and input payload

Decryption Input

CBC requires IV and symmetric key settings to match decrypt side.
Swap
Result
Inspect output and parameter assumptions before reuse

Decrypted Output

loading CodersTool
Processing...

Try These Related Tools
AES Encryption
Argon2 Hash Generator
MD4 Hash Generator
Adler32 Checksum Generator
Crypto Hash Encoder
FNV Hash Generator
HAVAL Hash Encoder
SHA3-512 Hash Generator

About the AES Decryption Tool

The AES Decryption Tool reverses AES encryption — taking Base64 or hex-encoded ciphertext and returning the original plaintext. Provide the ciphertext, the same key and IV used during encryption, and the cipher mode (CBC or ECB) to decrypt AES-128, AES-192, or AES-256 encrypted data.

How to Use

  • Paste the ciphertext into the input field.
  • Select the input encoding that matches your ciphertext: Base64 or hexadecimal.
  • Select the key size used during encryption: AES-128, AES-192, or AES-256.
  • Choose the cipher mode — CBC or ECB — matching the mode used to encrypt the data.
  • Enter the decryption key (must be identical to the encryption key).
  • For CBC mode, enter the IV used during encryption. For ECB mode, no IV is required.
  • Click Decrypt to view the plaintext output.

What You Need to Decrypt AES Data

AES decryption requires four pieces of information that must exactly match the encryption parameters:

  • The ciphertext — the encrypted output, typically encoded as Base64 or hex.
  • The key — the exact key used to encrypt. AES is symmetric, so the same key decrypts as encrypted. A different key produces garbage output or a decryption error.
  • The IV (Initialization Vector) — required for CBC mode. Must be the same 16-byte IV used during encryption. Often prepended to the ciphertext in many implementations.
  • The cipher mode — CBC or ECB. Decrypting with the wrong mode will fail or produce corrupted plaintext.

Common AES Decryption Errors

  • Wrong key — AES produces no authentication error by default; a wrong key silently outputs garbage plaintext or fails padding validation. If you see corrupted output, verify the key matches exactly, including encoding (hex vs raw bytes).
  • Wrong IV — An incorrect IV corrupts only the first 16-byte block. If the first block of your decrypted output is garbled but the rest looks correct, the IV is wrong.
  • Encoding mismatch — If the ciphertext was stored as Base64 but you paste the raw bytes (or vice versa), decryption will fail. Always match the encoding setting to how the ciphertext was produced.
  • Padding error (bad decrypt) — Occurs when the key, IV, or mode is wrong enough that the padding bytes do not pass validation. The most common error message from AES libraries when parameters are mismatched.
  • IV embedded in ciphertext — Many libraries prepend the 16-byte IV to the ciphertext before encoding. If decryption fails with the correct key, try splitting off the first 16 bytes (32 hex characters or 24 Base64 characters) and using those as the IV.

AES Cipher Modes Explained

  • CBC (Cipher Block Chaining) — The industry default for most use cases. Each block depends on the previous, so each encryption is unique given a unique IV. Requires the IV to decrypt the first block.
  • ECB (Electronic Codebook) — Each 16-byte block is decrypted independently. Does not use an IV. Identical ciphertext blocks decrypt to identical plaintext — this leaks patterns in the data and should not be used for structured or sensitive data.
  • GCM (Galois/Counter Mode) — An authenticated encryption mode that also verifies data integrity. If your ciphertext was produced with GCM, it will include an authentication tag in addition to the IV; use a tool or library that supports AEAD decryption.

Frequently Asked Questions

I have the key but lost the IV — can I still decrypt?
In CBC mode, losing the IV means you cannot recover the first 16 bytes of the plaintext. The remaining blocks will decrypt correctly. Check whether the IV was prepended to the ciphertext (a common implementation pattern), stored alongside it, or derived from a fixed value in your application code.
Why does decryption produce garbage instead of an error?
AES-CBC has no built-in authentication. If the key or IV is wrong, the algorithm still produces output — it just decrypts to meaningless bytes. Only AES-GCM and other AEAD modes will fail explicitly when the key or data is wrong. If your output is not readable text, verify every parameter matches the encryption side.
My decrypted output has extra characters at the end — why?
PKCS7 padding adds bytes to fill the final 16-byte block. If your decryption library is not stripping padding automatically, enable it or strip the null/padding bytes manually. The padding bytes have a value equal to the number of bytes added (e.g., four padding bytes each have value 0x04).
Can I decrypt data encrypted by OpenSSL or other libraries?
Yes, provided you match the exact parameters. OpenSSL's default CBC encryption prepends "Salted__" plus an 8-byte salt when using a password-derived key; the key and IV are then derived from the password and salt using EVP_BytesToKey. If the ciphertext starts with "Salted__" in raw bytes, it was produced with OpenSSL password-based encryption and requires the original passphrase, not a raw key.
Is my data safe to paste here?
Decryption runs entirely in your browser — no data is sent to a server and nothing is logged or stored. That said, exercise caution when pasting production keys or sensitive plaintext into any web tool.


AES Explained (Advanced Encryption Standard)

Knowledge is power.

Francis Bacon

CodersTool Categories
Data & Format
Data & Format Tools
Encode Decode Tools
Base64 Tools
Unicode UTF Tools
Text Tools
Database Tools
Developer
Developer Tools
Code Editor Tools
Database Tools
Test Data Tools
Dev Calculators
Web & Markup
Site Diagnostics
Meta & Schema Tools
Network & Security
Network Tools
Security Tools
Encryption Tools
Reference
Cheat Sheets
Blog