Encryption Key Generator
Generate AES key bytes locally in Hex, Base64, or Base64URL, with an optional GCM nonce or CBC IV.
This tool asks the browser cryptographic random source for 16, 24, or 32 bytes. Those byte lengths map to AES-128, AES-192, and AES-256. A random encryption key is machine key material, not a memorable passphrase.
The three outputs represent the same bytes. Hex is longer and easy to inspect, Base64 is compact, and Base64URL replaces URL-sensitive characters and removes trailing padding. Changing the encoding does not change key strength.
- AES-GCM commonly uses a 12-byte nonce. It does not need to be secret, but it must not repeat under the same key.
- AES-CBC uses a 16-byte IV because AES has a 16-byte block size. CBC ciphertext also needs a separate integrity mechanism.
- Store the mode, encoding, nonce or IV, and other parameters with the ciphertext so the receiver can reproduce the operation.
- NIST FIPS 197 defines 128-, 192-, and 256-bit AES keys.
- NIST SP 800-38D specifies GCM and the commonly used 96-bit nonce length.
Is Base64 a stronger key format than hex?
No. Hex and Base64 are different text encodings of the same bytes. Strength comes from the random bytes and key length.
Can I reuse the generated nonce or IV?
Generate new companion bytes for every encryption operation. Reusing a GCM nonce with the same key can break the mode's security guarantees.
Does this page keep a copy of generated keys?
No. The page generates and displays values in the current browser tab without storing them. Your own clipboard, browser extensions, or destination application may handle copied values separately.