Why does AES encryption need a secret key?

AES na a symmetric algorithm, so di same key na used for both encryption and decryption. Di encrypted data fit only be recovered with di exact matching key.

What na di difference between CBC, CTR, and GCM?

CBC na a classic block mode, CTR works well for parallel and streaming workflows, and GCM adds authentication so it protects confidentiality and integrity at di same time.

Why must di IV or nonce be unique?

Reusing an IV or nonce weakens encryption security and fit be catastrophic in CTR and GCM mode, so each encryption run suppose use a fresh random value.

When suppose I choose Base64 or Hex output?

Base64 na more compact and better for APIs or JSON, while Hex na larger but easier to inspect byte by byte during debugging.

// crypto tool v2.0

AESLocker

BROWSER ONLY

WEB CRYPTO API

⚙

Algorithm setup

Mode

Key Size

Padding

Output Encoding

🔑

Key & IV Material

Secret Key

Requires32hex characters (256-bit)

IV / Nonce

The hex IV needs32characters (CBC/CTR=32, GCM=24)

⚠ Dis nonce has already been used in GCM mode.Reusing a nonce severely breaks encryption security, so please generate a fresh one.

⬇

Release to load di file

PLAINTEXT / INPUT

CIPHERTEXT / OUTPUT

Encryption complete - Raw binary bytes ready for di decryption tool

Export dis configuration (Mode / Key Size / Key / IV) so it fit be loaded directly in di decryption tool

Need decryption?

Ready - configure di key and click Encrypt

Algorithm

AES

CBC Mode

Key Strength

256

bits

Security Level

HIGH

Military Grade

Processed

bytes dis session

🔑

Why do you need a secret key?

AES na a symmetric cipher, so di same secret key na used for both encryption and decryption. Key length defines di protection level: 128-bit covers most everyday use cases, 192-bit na chosen for higher assurance environments, and 256-bit na di strongest common option used in finance and other security-sensitive systems.

The secret key must remain confidential. Anyone who gets di key fit decrypt di data, so avoid sharing it over unsafe channels and prefer randomly generated keys instead of manual input.

🎲

Why na an IV / nonce required?

The IV (Initialization Vector) or nonce makes sure dat encrypting di same content with di same key still produces different ciphertext each time, which helps prevent pattern-based attacks.

CBC and CTR use a 16-byte IV (32 hex characters), while GCM uses a 12-byte nonce (24 hex characters). Di IV does not need to stay secret, but it must be fresh for every encryption run and suppose never be reused.

⚙️

What does di encryption mode do?

AES works on fixed 16-byte blocks, and di selected mode controls how those blocks na chained together for data of any length.

CBC (Cipher Block Chaining): a classic and widely used mode for files and communication workflows.

CTR (Counter): turns AES into a stream-like mode dat fit be processed in parallel, making it well suited for large files.

GCM (Galois/Counter Mode): adds authentication on top of CTR, so it protects both confidentiality and integrity and na usually di best modern default.

📏

How suppose you choose di key size?

Longer keys raise di cost of brute-force attacks dramatically, although they also add a small performance overhead.

128-bit: strong enough for di vast majority of workloads and usually di fastest option.

192-bit: chosen when a higher security margin na required.

256-bit: di strongest standard option and a solid default when performance constraints na not critical.

📦

What does padding mean?

AES encrypts 16-byte blocks. If di input length na not a multiple of 16, di last block must be padded before encryption.

PKCS#7: fills di final block with bytes whose value equals di number of padding bytes, which makes removal precise during decryption.

Zero Padding: fills di remaining bytes with00. It na simple, but ambiguous when di original data fit naturally end with zero bytes.

🔠

What na output encoding?

Raw AES ciphertext na binary data, so it na often converted into a printable text format before transport or storage.

Base64: compact and well suited to APIs, JSON, and copy-paste workflows.

Hex: larger in size, but easier to inspect byte by byte during debugging and logging.