PTBox

Online AES Encryption / Decryption

Online AES encryption tool built on Web Crypto API. Supports AES-GCM (recommended, authenticated) and AES-CBC. Key may be derived from a password (PBKDF2-SHA256) or supplied as a raw 16/24/32-byte hex key. Everything runs locally.

PTBox self-use format: salt/IV auto-generated, packed into a single Base64 string.

自包含格式:Base64( salt(16B) ‖ IV(12B) ‖ 密文+认证tag )

Usage

AES symmetric encryption. Two modes: self-contained (salt / IV packed into a single Base64 string) and interop (key, IV and ciphertext separately exposed for exchanging with other languages / systems).

Algorithms: AES-GCM (recommended, authenticated) / AES-CBC / AES-CTR (interop only). Password mode uses PBKDF2-SHA256 with a 16-byte random salt and 100,000 iterations.

Use cases

Encrypting sensitive DB fields

Encrypt fields like ID number or phone with AES before storing.

Client-to-server encryption

Encrypt the request body to defeat packet capture.

Secrets in config files

Encrypt DB passwords / API keys before checking config into git.

Cross-language interop

Use the interop mode to exchange ciphertexts with Python / Java / Go.

FAQ

AES-GCM or AES-CBC?

Prefer GCM — it includes an authentication tag that detects tampering. Use CBC only for legacy compatibility, and only with HMAC.

Is the password mode safe?

Uses PBKDF2-SHA256 with 16-byte random salt and 100,000 iterations. Weak passwords (like 123456) can still be brute-forced — use ≥ 12 chars.

Self-contained vs interop mode?

Self-contained packs salt + IV + ciphertext into one Base64 string. Interop exposes key / IV / ciphertext separately so other languages can consume it.

Why does decryption fail?

Wrong password, corrupted ciphertext, mismatched mode (GCM ciphertext won't decrypt as CBC), or wrong IV length in interop mode.

Related tools

Hash Calculator
RSA Crypto
AES File Encrypt
JWT Decoder

Comments

0 / 1000