AES Encrypt / Decrypt

What is AES encryption?

AES (Advanced Encryption Standard) is the global standard for symmetric encryption, adopted by the U.S. government and used worldwide to protect sensitive data. It encrypts data in 128-bit blocks using key lengths of 128, 192, or 256 bits. AES is fast, highly secure, and implemented in hardware on virtually every modern processor.

This tool supports all five standard modes of operation — CBC, CFB, CTR, OFB, and ECB — and both PBKDF2 and EvpKDF key derivation from passwords. AES-256-CBC is recommended for all new applications requiring strong encryption.

AES is used everywhere data needs to be protected. HTTPS/TLS connections use AES (typically AES-128-GCM or AES-256-GCM) to encrypt web traffic between your browser and servers. Full-disk encryption on macOS (FileVault), Windows (BitLocker), and Linux (LUKS) all use AES-256. Password managers like 1Password and Bitwarden encrypt vaults with AES-256. Cloud storage services encrypt data at rest with AES. VPN protocols (WireGuard, IPsec, OpenVPN) rely on AES for tunnel encryption. Even the U.S. government classifies AES-256 as suitable for TOP SECRET information.

The mode of operation determines how AES processes data longer than a single 128-bit block. CBC (Cipher Block Chaining) chains each block to the previous one via XOR, providing strong diffusion but requiring sequential processing. CTR (Counter) mode turns AES into a stream cipher by encrypting incrementing counter values, allowing parallel processing and random access to encrypted data. CFB and OFB are streaming modes that convert AES into a self-synchronizing or synchronous stream cipher respectively. ECB (Electronic Codebook) encrypts each block independently, which means identical plaintext blocks produce identical ciphertext blocks — this leaks patterns and should never be used in practice. For a comprehensive comparison of encryption algorithms, see our encryption algorithms guide.

Frequently asked questions