AES-GCM Encrypt / Decrypt

AES-GCM provides confidentiality and integrity when used with unique nonces and proper key derivation.
Pack format (Base64): [salt(16) | iv(12) | ciphertext]. Always use a unique IV per message.

About AES-GCM

AES-GCM is an authenticated encryption mode that ensures confidentiality and integrity. This demo derives a key from a passphrase using PBKDF2 (SHA-256) with configurable iterations.

AES-GCM encrypt/decrypt online  in-browser, no upload (FAQs)

FAQs

Why use AES-GCM?
AES-GCM provides confidentiality and integrity with a built-in MAC (GCM tag).
What must be unique?
The IV (nonce) must be unique per key. Never reuse an IV with the same key.
How to derive keys from passphrases?
Use a KDF (Argon2, scrypt, or PBKDF2) with a random salt to derive an AES key from a passphrase.
Does this AES-GCM tool upload my data?
No. All operations happen in your browser (client-side).

Related tools

AES-GCM encryption FAQs

FAQs

Nonce size?
12 bytes recommended; never reuse nonce with same key.
AAD?
Additional Authenticated Data is bound to ciphertext but not encrypted.