Skip to content
Kordu Tools Kordu Tools

AES Decrypt

Runs in browser

Decrypt AES ciphertext in your browser. Supports GCM, CBC, CTR, and ECB modes with 128/192/256-bit keys. Password never transmitted.

Last updated 02 Apr 2026

Paste Base64 AES ciphertext, select the matching algorithm, enter your password, and get your plaintext back. Supports AES-256-GCM, AES-CBC, AES-CTR, and AES-ECB. 100% client-side via WebCrypto — your password and ciphertext are never uploaded.

AES-256-GCM — recommended. Authenticated encryption with a 256-bit key.

Looking for AES Decrypt?

Save the encrypted output and your password — without both, data cannot be recovered.
Loading rating…

How to use

  1. 1

    Switch to Decrypt mode

    The AES tool opens in Encrypt mode by default. Click the 'Decrypt' tab to switch.

  2. 2

    Select the matching algorithm

    Choose the same AES algorithm used during encryption (e.g. AES-256-GCM). Using the wrong mode or key size will cause decryption to fail.

  3. 3

    Enter your password

    Type the same passphrase used during encryption. The key is re-derived using PBKDF2 with the salt stored inside the ciphertext.

  4. 4

    Paste the Base64 ciphertext

    Paste the full Base64-encoded ciphertext into the input panel.

  5. 5

    Copy the plaintext

    The decrypted plaintext appears in the output panel. Click Copy to copy it.

Frequently asked questions

What do I need to decrypt AES ciphertext?
You need the Base64 ciphertext, the AES mode and key size used during encryption (e.g. AES-256-GCM), and the original passphrase. The random salt and IV are embedded in the ciphertext, so no additional data is required.
Is this tool safe? Is my password sent to a server?
No data is transmitted. Decryption runs entirely in your browser using the Web Crypto API. Your password and ciphertext never leave your device.
Are inputs sent to a server?
No. All AES decryption is performed locally using the browser's native WebCrypto API. There are zero network requests during decryption.
Why does decryption fail with the correct password?
Common causes: wrong algorithm selected (e.g. CBC vs GCM), wrong key size (128 vs 256), truncated or corrupted ciphertext, or the ciphertext was not produced by the AES Encrypt tool on this site. GCM mode also fails if the ciphertext or authentication tag has been modified.
Can I decrypt OpenSSL AES output here?
No — OpenSSL uses EVP_BytesToKey for key derivation and a different header format, not PBKDF2. This tool is designed for ciphertext produced by the matching AES Encrypt tool on this site.
What is AES-GCM authentication?
GCM (Galois/Counter Mode) appends an authentication tag to the ciphertext. During decryption, the tag is verified before any plaintext is released. If the ciphertext or tag has been tampered with, decryption throws an authentication error instead of returning corrupt data.
What is the difference between AES-GCM and AES-CBC?
AES-GCM provides authenticated encryption — it detects tampering automatically. AES-CBC is an older mode that only encrypts; it does not verify integrity. For new implementations, always prefer AES-GCM.
Does this tool support file decryption?
This tool handles text decryption. For binary file decryption, Base64-encode the file before encrypting, then recover the Base64 string via decryption and use the Base64 Decoder to download the file.
How is the key derived from my password?
PBKDF2 with SHA-256 and 100,000 iterations stretches your passphrase into a strong AES key. The random 16-byte salt used during this derivation is embedded in the ciphertext, so the same passphrase always regenerates the exact key.

Decrypt AES-encrypted ciphertext directly in your browser using the

WebCrypto API. All cryptographic operations run on your device — no

data is transmitted.

**This tool reverses AES encryption** produced by the AES Encrypt tool on

this site. Paste the Base64 ciphertext, select the same algorithm used

during encryption, enter the passphrase, and your plaintext is recovered.

**Supported modes:**

- **AES-256-GCM / AES-192-GCM / AES-128-GCM** — authenticated encryption.

GCM decryption verifies integrity automatically; if the ciphertext was

tampered with, decryption fails with an authentication error.

- **AES-256-CBC / AES-128-CBC** — classic block cipher mode with PKCS7 padding.

- **AES-256-CTR / AES-128-CTR** — stream cipher mode, no padding required.

- **AES-128-ECB / AES-256-ECB** — no IV; not recommended but supported for

compatibility.

**Key derivation:** The passphrase is derived using PBKDF2 (SHA-256,

100,000 iterations) with the random salt embedded in the ciphertext. You

only need the ciphertext and your original password.

**Privacy:** Your key never leaves your browser. Nothing is transmitted.

Related tools

AES Encrypt

Encrypt text with AES-256-GCM, AES-CBC, AES-CTR, or AES-ECB in your browser. PBKDF2 key derivation, random IV, zero uploads.

RSA Decrypt

Decrypt RSA-OAEP ciphertext with your PEM private key in the browser. Supports RSA-2048 and RSA-4096. Private key never transmitted.

Base64 Decoder

Decode Base64 or Base64URL strings to plain text or download as a binary file. Handles MIME line-wrapping and PEM certificates automatically.

SHA-256 Hash Generator

Generate SHA-256 hashes from text instantly. WebCrypto hardware-accelerated, real-time output. Used in Bitcoin, TLS, and digital signatures. Zero uploads.

Bcrypt Hash Generator

Generate bcrypt hashes with configurable cost factor (4–31). Auto-salted, rainbow-table resistant, fully browser-based. Recommended for secure password storage.

Learn more

API Authentication Methods Compared: OAuth, JWT, API Keys

Compare API authentication methods with real HTTP examples. OAuth 2.0, JWT, API keys, and session tokens explained. 78% of breaches involve weak auth.