🔒 Security.BP

Encryption Tool

AES-256 encryption/decryption utility with secure key generation and format preservation.

How AES-256 Works

Key Expansion

Generates 14 unique round keys from the master key

SubBytes

Non-linear substitution using S-box

ShiftRows

Byte shifting within rows

MixColumns

Diffusion across columns using finite field math

AddRoundKey

XOR with round key

JavaScript Implementation


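const CryptoJS = require('crypto-js');

// key: a 32-byte UTF-8 string, so that the parsed key selects AES-256
function encrypt(data, key) {
    const keyBytes = CryptoJS.enc.Utf8.parse(key);
    // A raw (WordArray) key needs an explicit IV; use a fresh random one per message
    const iv = CryptoJS.lib.WordArray.random(16);
    const encrypted = CryptoJS.AES.encrypt(data, keyBytes, {
        iv: iv,
        mode: CryptoJS.mode.CBC,
        padding: CryptoJS.pad.Pkcs7
    });
    // Output: Base64(IV || ciphertext)
    return iv.clone().concat(encrypted.ciphertext).toString(CryptoJS.enc.Base64);
}

function decrypt(cipher, key) {
    const keyBytes = CryptoJS.enc.Utf8.parse(key);
    const raw = CryptoJS.enc.Base64.parse(cipher);
    // Split the leading 16-byte IV (4 words) from the ciphertext
    const iv = CryptoJS.lib.WordArray.create(raw.words.slice(0, 4), 16);
    const ciphertext = CryptoJS.lib.WordArray.create(raw.words.slice(4), raw.sigBytes - 16);
    const decrypted = CryptoJS.AES.decrypt({ ciphertext: ciphertext }, keyBytes, {
        iv: iv,
        mode: CryptoJS.mode.CBC,
        padding: CryptoJS.pad.Pkcs7
    });
    return decrypted.toString(CryptoJS.enc.Utf8);
}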

Production use requires: 256-bit key, secure random IV generation

Important Security

⚠️ Key Management

  • Never store plaintext keys on servers
  • Use hardware security modules for critical systems
  • Implement key rotation policies (every 90 days max)

🛠 Implementation

  • Always use authenticated encryption (GCM preferred)
  • Generate unique IV for each encryption operation
  • Validate input length constraints
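The three recommendations above, combined with the PBKDF2 with HMAC-SHA256 key derivation listed under Technical Details, as an added example that is not part of the original page or its tool. It uses Node.js's built-in crypto module rather than crypto-js; the iteration count, the salt/IV/tag/ciphertext layout and the 1 MiB input limit are assumptions made for the example.

```javascript
const crypto = require('crypto');

// Assumed parameters for this added example (not taken from the page).
const ITERATIONS = 600000;      // PBKDF2-HMAC-SHA256 work factor
const SALT_LEN = 16;            // bytes, random per message
const IV_LEN = 12;              // 96-bit IV, the standard size for GCM
const TAG_LEN = 16;             // 128-bit authentication tag
const MAX_INPUT = 1024 * 1024;  // hypothetical plaintext limit in bytes

function deriveKey(passphrase, salt) {
    // A 32-byte output selects AES-256
    return crypto.pbkdf2Sync(passphrase, salt, ITERATIONS, 32, 'sha256');
}

function encryptGcm(plaintext, passphrase) {
    const data = Buffer.from(plaintext, 'utf8');
    if (data.length > MAX_INPUT) throw new RangeError('plaintext too long');
    const salt = crypto.randomBytes(SALT_LEN);
    const iv = crypto.randomBytes(IV_LEN);  // fresh IV for every call
    const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
    const body = Buffer.concat([cipher.update(data), cipher.final()]);
    // Layout: salt || iv || tag || ciphertext, Base64 encoded
    return Buffer.concat([salt, iv, cipher.getAuthTag(), body]).toString('base64');
}

function decryptGcm(encoded, passphrase) {
    const raw = Buffer.from(encoded, 'base64');
    const header = SALT_LEN + IV_LEN + TAG_LEN;
    if (raw.length < header || raw.length > header + MAX_INPUT) {
        throw new RangeError('ciphertext length out of range');
    }
    const salt = raw.subarray(0, SALT_LEN);
    const iv = raw.subarray(SALT_LEN, SALT_LEN + IV_LEN);
    const tag = raw.subarray(SALT_LEN + IV_LEN, header);
    const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv,
        { authTagLength: TAG_LEN });
    decipher.setAuthTag(tag);
    // final() throws if the tag does not verify (wrong passphrase or modified data)
    const plain = Buffer.concat([decipher.update(raw.subarray(header)), decipher.final()]);
    return plain.toString('utf8');
}
```

Unlike the CBC code above, a modified ciphertext or a wrong passphrase makes `decryptGcm` throw instead of returning altered or garbage plaintext.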

Technical Details

Feature               | Implementation
Encryption Algorithm  | AES-256
Key Derivation        | PBKDF2 with HMAC-SHA256
Operating Mode        | CBC (with random IV)
Padding Scheme        | PKCS7
Output Format         | Base64 encoded
Security Compliance   | FIPS 140-2, NIST SP 800-38D