About the AES Encryption Tool
The AES Encryption Tool encrypts plaintext using the Advanced Encryption Standard (AES) algorithm — the symmetric cipher mandated by NIST and used in TLS, file encryption, and secure APIs worldwide. Select a key size (128, 192, or 256-bit), a block cipher mode (CBC or ECB), and provide a key and IV to produce Base64 or hex-encoded ciphertext.
How to Use
- Enter the plaintext you want to encrypt in the input field.
- Select the key size: AES-128, AES-192, or AES-256.
- Choose the cipher mode — CBC (recommended) or ECB.
- Provide a key matching the required length (16, 24, or 32 bytes for 128/192/256-bit).
- For CBC mode, provide a 16-byte Initialization Vector (IV). ECB mode does not use an IV.
- Select output encoding: Base64 or hexadecimal.
- Click Encrypt. Copy the ciphertext output for use in your application or for decryption testing.
AES Key Sizes
- AES-128 — 128-bit key (16 bytes). The fastest option and sufficient for most applications. Used widely in TLS and disk encryption.
- AES-192 — 192-bit key (24 bytes). Rarely used in practice; provides a marginal security increase over AES-128 with slightly lower performance.
- AES-256 — 256-bit key (32 bytes). The strongest variant and the standard for high-security applications, government systems, and long-term data protection.
CBC vs ECB Mode
The cipher mode controls how AES processes blocks of data beyond the first 16-byte block.
- CBC (Cipher Block Chaining) — Each plaintext block is XORed with the previous ciphertext block before encryption. Requires a random IV. Identical plaintext blocks produce different ciphertext — the standard choice for secure encryption.
- ECB (Electronic Codebook) — Each block is encrypted independently. Identical plaintext blocks always produce identical ciphertext, which leaks structural information. ECB is suitable only for single-block payloads or testing; avoid it for real data.
Common AES Encryption Errors
- Wrong key length — AES-128 requires exactly 16 bytes, AES-192 requires 24, and AES-256 requires 32. A key that is too short or too long will cause the encryption to fail or produce incorrect output.
- IV length mismatch — The IV must always be exactly 16 bytes (128 bits) regardless of key size. A common mistake is using the key length for the IV length.
- Missing IV in CBC mode — CBC mode requires a unique, unpredictable IV for every encryption operation. Reusing IVs with the same key weakens security significantly.
- Encoding mismatch — Ciphertext output is binary data. Always specify an encoding (Base64 or hex) when storing or transmitting encrypted output, and use the same encoding when decrypting.
- Padding issues — AES operates on 16-byte blocks. Plaintext that is not a multiple of 16 bytes requires padding (PKCS7 is standard). Mismatched padding schemes between encrypt and decrypt cause decryption failures.
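The key-length, IV and padding rules above, together with the ECB versus CBC difference from the previous section, as an added Node.js example that is not the tool's own code. The function names, the IV-prepended output layout, and the sample key and plaintext are assumptions made for illustration.

```javascript
// Added example, not the tool's code. Uses Node.js built-in crypto.
const nodeCrypto = require('node:crypto');

const KEY_BYTES = { 128: 16, 192: 24, 256: 32 };
// Reject wrong key sizes and modes before touching the cipher.
function cipherName(key, bits, mode) {
  if (!KEY_BYTES[bits]) throw new RangeError(`unsupported key size: ${bits}`);
  if (key.length !== KEY_BYTES[bits]) {
    throw new RangeError(`AES-${bits} needs ${KEY_BYTES[bits]} key bytes, got ${key.length}`);
  }
  if (mode !== 'cbc' && mode !== 'ecb') throw new RangeError(`unsupported mode: ${mode}`);
  return `aes-${bits}-${mode}`;
}

// Returns raw bytes; call .toString('base64') or .toString('hex') to store them.
// CBC output is IV || ciphertext (assumed layout) with a fresh random 16-byte IV.
function aesEncrypt(plaintext, key, bits, mode) {
  const name = cipherName(key, bits, mode);
  const iv = mode === 'cbc' ? nodeCrypto.randomBytes(16) : null; // ECB takes no IV
  const cipher = nodeCrypto.createCipheriv(name, key, iv); // PKCS7 padding is on by default
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return iv ? Buffer.concat([iv, body]) : body;
}

function aesDecrypt(data, key, bits, mode) {
  const name = cipherName(key, bits, mode);
  const iv = mode === 'cbc' ? data.subarray(0, 16) : null;
  const decipher = nodeCrypto.createDecipheriv(name, key, iv);
  const body = iv ? data.subarray(16) : data;
  // final() checks and strips the PKCS7 padding
  return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
}

// Count 16-byte blocks that repeat an earlier block: the structure ECB leaks.
function repeatedBlocks(data) {
  const seen = new Set();
  let repeats = 0;
  for (let i = 0; i + 16 <= data.length; i += 16) {
    const block = data.toString('hex', i, i + 16);
    if (seen.has(block)) repeats += 1;
    else seen.add(block);
  }
  return repeats;
}

const key = nodeCrypto.randomBytes(16);       // constructed AES-128 test key
const sample = '0123456789abcdef'.repeat(4);  // constructed: four identical blocks
console.log('ECB repeated blocks:', repeatedBlocks(aesEncrypt(sample, key, 128, 'ecb')));
console.log('CBC repeated blocks:', repeatedBlocks(aesEncrypt(sample, key, 128, 'cbc')));
```

Neither mode authenticates the ciphertext; a production design adds a MAC over the IV and ciphertext or uses an authenticated mode such as GCM, which the FAQ also names.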
Frequently Asked Questions
- Is AES encryption safe for production use?
  AES is the gold standard symmetric cipher and is safe for production when used correctly — AES-256 with CBC or GCM mode, a random IV per encryption, and proper key management. This tool is intended for testing, learning, and verifying encryption logic, not for key management or key storage.
- What is the difference between symmetric and asymmetric encryption?
  AES is symmetric — the same key encrypts and decrypts the data. Asymmetric encryption (RSA, ECC) uses a public/private key pair. Symmetric encryption is orders of magnitude faster and is used for bulk data; asymmetric is used to exchange the symmetric key securely.
- What should I use as the key and IV?
  In production systems, keys must be generated using a cryptographically secure random number generator and stored in a secrets manager or key management service — never hardcoded. The IV should be randomly generated for each encryption operation and transmitted alongside the ciphertext (the IV is not secret, only the key is).
- Why does my decrypted output contain extra characters?
  PKCS7 padding adds bytes to fill the final block. If your decryption library is not stripping the padding automatically, enable unpadding or strip the padding manually. This is the most common cause of unexpected characters at the end of decrypted output.
- Does this tool store my plaintext or key?
  No data is sent to a server. Encryption runs entirely in your browser. Your plaintext, key, and IV are never transmitted or logged.