AES-GCM Encrypt

Encrypt plaintext locally and keep the key, IV, ciphertext, and auth tag visible

Safety note: AES-GCM encryption and decryption stay in your browser. Treat keys and IVs as sensitive bytes, and keep the auth tag paired with the exact ciphertext it came from.

Encrypt with AES-GCMPaste plaintext, generate or paste the key and IV, and get ciphertext plus auth tag without leaving the browser

Generate fresh key and IV bytes, or paste existing values from another implementation to compare output exactly.

Key length

Key encoding

IV encoding

Output encoding

AES key

Plaintext

Ciphertext

What It Encrypts

AES-GCM combines confidentiality and authentication. You need the exact key, IV, ciphertext, and auth tag bytes to get a successful decrypt. This page keeps those pieces visible instead of hiding them behind one opaque payload field.

Run the AES-GCM Workflow

Choose the same encoding your app or library already uses for keys, IVs, ciphertext, and tags.
Enter the plaintext and click Encrypt with AES-GCM to get the ciphertext and the separate auth tag.
Keep the IV and auth tag with the ciphertext. AES-GCM decryption needs all three outputs later.
Copy the individual values, not just the combined output, when you need to compare another implementation.

Why Exact Bytes Matter

The most common AES-GCM failures are byte mismatches, not algorithm mismatches. A hex key pasted as Base64, an IV with one missing byte, or a tag separated from the wrong ciphertext will all fail even though the mode name is “correct.”