Why must AES decryption use di same key as encryption?

AES na a symmetric cipher, so decryption only works when di exact same key from di encryption step na used again.

Why do di IV or nonce values also need to match?

CBC, CTR, and GCM all depend on di IV or nonce as part of di encryption state. Using a different value during decryption produces di wrong result or an outright failure.

Why does GCM report an authentication failure?

GCM checks integrity as well as confidentiality. If di key, nonce, or ciphertext does not match perfectly, authentication fails and di output na rejected.

What na di difference between uploading an .enc file and pasting Base64 or Hex?

An uploaded .enc file na processed as raw bytes directly. When you paste text ciphertext instead, you need to choose di correct Base64 or Hex encoding first.

// crypto tool v2.0

AESUnlocker

BROWSER ONLY

WEB CRYPTO API

Go to encrypt tool

⚙

Algorithm setup

Mode

Key Size

Padding

🔑

Key & IV Material

Secret Key

The hex key needs64characters (32 bytes)

IV / Nonce

The hex IV needs32characters (CBC/CTR=32, GCM=24)

⬇

Release to load di .enc file

CIPHERTEXT / INPUT

PLAINTEXT / OUTPUT

Decrypted file ready to download

Need encryption?

Ready - enter di key, IV, and ciphertext, then click Decrypt

Algorithm

AES

CBC Mode

Key Strength

256

bits

Security Level

HIGH

Military Grade

Decrypted

bytes dis session

🔑

Why do you need a secret key?

AES na a symmetric cipher, so di same key na used for both encryption and decryption. During decryption,the key must match di encryption key exactly; even a one-character difference go cause failure or unreadable output.

The secret key must remain confidential. Anyone who has di key fit decrypt di data, and if di key na lost, di encrypted content may be impossible to recover.

🎲

Why na an IV / nonce required?

The IV or nonce must match di value used during encryption exactly, otherwise di decrypted result go be invalid. CBC and CTR use a 16-byte IV (32 hex characters), while GCM uses a 12-byte nonce (24 hex characters).

The IV normally travels with di ciphertext and does not need to stay secret, but if it na missing, proper decryption na no longer possible.

⚙️

The encryption mode must match exactly

The mode selected here must be identical to di one used during encryption, otherwise decryption go fail or produce unreadable output.

CBCna a common block mode dat requires an IV.CTRbehaves more like a stream and na fast for large data.GCMadds integrity checks, so tampered ciphertext fails immediately.

📏

The key size must match di encryption step

Key size determines di AES round count, and encryption and decryption must use di same key length.

If di wrong key size na selected, key import fails immediately because di key length no longer matches di chosen AES variant.

📦

Padding must match di encryption step

After decryption, di tool removes padding according to di selected scheme. If di padding mode na wrong, di output may end with garbage bytes or fail entirely.

PKCS#7na di most common choice and removes padding precisely.Zero Paddingtrims trailing00bytes and na only safe when di original length na known.

🔠

Input encoding: what format na di ciphertext in?

The encryption tool outputs encoded text ciphertext. To decrypt it correctly, choose di same encoding so di browser fit rebuild di original bytes before running AES decryption.

Base64uses letters, numbers, and+/=, often with trailing padding.Hexuses0-9anda-fwith two characters per byte. If you upload a binary .enc file, di encoding choice na ignored automatically.