AES Encryption and Decryption
If you need to know about AES encryption algorithm, please carefully read the instructions of this tool to set relevant parameters correctly.
The online AES encryption and decryption tool provides online AES encryption and decryption test. The encryption and decryption supports six encryption modes: CBC, CFB, OFB, CTR, GCM and ECB, and the input and output supports three formats: hex, string and Base64.
The symmetric-key block cipher plays an important role in data encryption. It means that the
same key is used for both encryption and decryption. The Advanced Encryption Standard (AES) is a
widely used symmetric-key encryption algorithm.
The length of a data block of AES encryption algorithm is 128 bits (16 bytes). If the length of the data to be encrypted is not a multiple of the block length, it is generally necessary to specify the padding method (except those that do not need to be padding) and align the data to be encrypted.
The length of AES encryption password supports three modes: 128 bits (16 bytes), 192 bits (24 bytes) and 256 (32 bytes). The length of the key must be one of these three lengths.
ECB (Electronic Code Book) : This mode of operation is the simplest of all. The plaintext is divided into blocks with a size of 128 bits. Then each block is encrypted with the same key and algorithm. Therefore, it produces the same result for the same block. This is the main weakness of this mode, and it's not recommended for encryption. It requires padding data.
CBC (Cipher Block Chaining) : In order to overcome the ECB weakness, CBC mode uses an Initialization Vector (IV) to augment the encryption. First, CBC uses the plaintext block xor with the IV. Then it encrypts the result to the ciphertext block. In the next block, it uses the encryption result to xor with the plaintext block until the last block. In this mode, encryption can't be parallelized, but decryption can be parallelized. It also requires padding data.
CTR (Counter) : This mode uses the value of a counter as an IV. It's very similar to OFB, but it uses the counter to be encrypted every time instead of the IV. This mode has two strengths, including encryption/decryption parallelization, and noise in one block does not affect other blocks.
OFB (Output FeedBack) : This mode can be used as a stream cipher. First, it encrypts the IV. Then it uses the encryption results to xor the plaintext to get ciphertext. It doesn’t require padding data, and won't be affected by the noisy block.
CFB (Cipher FeedBack) : This mode can be used as a stream cipher. First, it encrypts the IV, then it will xor with the plaintext block to get ciphertext. Then CFB encrypts the encryption result to xor the plaintext. It needs an IV. In this mode, decryption can be parallelized, but encryption can't be parallelized.
GCM (Galois/Counter Mode) : This mode is an extension of the CTR mode. The GCM has received significant attention and is recommended by NIST. The GCM model outputs ciphertext and an authentication tag. The main advantage of this mode, compared to other operation modes of the algorithm, is its efficiency.
- Padding : Select whether to padding and how to pad the data blocks. Different encryption modes have different padding methods. You can try to switch different padding methods for combination. Only pkcs5padding or nopadding can be used in GCM mode.
- Password : The password used for AES encryption and decryption will use the selected character set to convert the input password into a byte array. The length of the byte array is limited to 16, 24, or 32.
- IV : Initialize vector IV, which is not supported in ECB mode. The length of IV is 128 bits (16 bytes).
- In-Format : The format of input content can be string, hexadecimal string and base64 string. For AES decryption, the input format does not support string.
- Out-Format : The output format of the encrypted result or decrypted original content. For AES encryption, the output format does not support string.
- Charset : The selected charset will be used to convert the password and initialization vector into byte array, and the selected charset will be used for string-byte conversion of input and output format.
- Tag Len : Tag length. Only GCM encryption mode supports this field.