Symmetric encryption · AES-GCM

AES-GCM Encryption & Authentication

Encrypt or decrypt data with AES-GCM while keeping every byte on your device. Configure the key, nonce, AAD, and tag length to export ciphertext with integrity or to verify inbound payloads.

AES-GCM encryption

Run authenticated encryption entirely in your browser. Configure keys, nonces, AAD, and tag lengths to export ciphertext + auth tags, or supply those values to verify and recover plaintext.

Plaintext input

Ciphertext + tag output

The result is ciphertext concatenated with the tag.

Operation

Tag length

Key size

Secret key

Short keys are zero-padded; longer inputs are truncated.

Nonce / IV

Nonces must match on both sides and should never be reused with the same key.

Additional authenticated data (optional)

AES-GCM tips

AES-GCM layers a GHASH authenticator on top of CTR mode, so ciphertext and auth tags must always travel together. Any bit flip or mismatch during decryption causes authentication to fail.

Never reuse a nonce with the same key. Twelve random bytes are the de facto standard, and longer tags mean stronger integrity guarantees. Additional authenticated data (AAD) is left in the clear but still protected by the tag.

No padding is required—GCM accepts any plaintext length. Make sure both parties agree on key size, nonce, AAD, tag length, and encodings before exchanging data.