What does this AES decryption tool do?

It decrypts AES-encrypted text in your browser using the mode, key, IV, and padding you provide. No data is sent to a server.

Which AES modes and key sizes are supported?

CBC, CTR, and GCM with 128-, 192-, or 256-bit keys. GCM also needs an authentication tag, typically appended or provided separately.

What IV should I use?

GCM commonly uses a 12-byte IV; CBC/CTR use 16 bytes. Never reuse the same IV with the same key, especially for CTR or GCM.

Which input formats work?

Ciphertext and IV can be Base64 or Hex. Ensure the mode, padding, key length, IV, and tag (for GCM) match the original encryption settings.

Copied to Clipboard!

Next-Gen App & Browser Testing Cloud

Trusted by 2 Mn+ QAs & Devs to accelerate their release cycles

Start free Testing

AES Decryption Online

Q: Do you store my keys or ciphertext?

No. All encryption and decryption happen locally in your browser; nothing is stored or transmitted to TestMu AI.

Advanced Encryption Standard(AES) is a symmetric encryption algorithm. AES encryption is used for securing sensitive but unclassified material by U.S. The AES engine requires a plain-text and a secret key for encryption and same secret key is used again to decrypt it.

What is AES decryption?
AES (Advanced Encryption Standard) is a symmetric cipher. This tool lets you decrypt AES ciphertext by providing the key, mode, IV/nonce, padding, and optional GCM authentication tag. Everything runs in your browser.
How to use the AES decryption tool
Enter Input: Add your plain text for encryption or your AES-encrypted text for decryption.
Select Cipher Mode: Choose the AES mode (CBC, ECB, etc.). Use the same mode for decryption that was used during encryption.
Choose Padding: Pick the padding method required for your operation (must match during decryption).
Add IV (If Required): Enter the Initialization Vector if your selected cipher mode uses one. For decryption, use the exact IV from encryption.
Set Key Size: Select the key length (128/192/256 bits). This must match between encryption and decryption.
Enter Secret Key: Provide the key used for encryption. Use the same key while decrypting.
Select Output Format: Choose how you want the result displayed - Base64, Hex, or Plain Text (for decrypted output).
Run the Action: Click Encrypt to generate encrypted output or Decrypt to retrieve the original text.
Supported modes and padding
CBC: Use a 16-byte IV and PKCS5/PKCS7 padding. NoPadding isn’t supported in WebCrypto.
CTR: Stream-like; requires a unique 16-byte IV/nonce for every message.
GCM: Authenticated encryption; needs a 12-byte IV/nonce and an auth tag. Include the tag when decrypting.
Tips for successful decryption
Match mode, key length, IV/nonce, padding, and tag (for GCM) exactly to the original encryption.
Verify encodings: ciphertext/IV/tag can be Base64 or Hex—use the correct format switch if available.
Don’t reuse IVs with the same key; generate fresh IVs per encryption.
If decryption fails, double-check tag length (GCM) and that the IV is the right size.
AES best practices

Avoid ECB: ECB leaks patterns; stick to CBC, CTR, or GCM.
Use unique IVs: Generate a fresh IV per encryption; for GCM use 12 bytes, for CBC/CTR use 16 bytes.
Donâ€™t reuse keys across systems: Rotate keys and separate test/prod secrets.
Prefer authenticated encryption: GCM provides integrity; pair CBC/CTR with an HMAC.

Frequently Asked Questions (FAQs)

Which AES mode should I choose?

GCM is recommended because it encrypts and authenticates data. CBC is common for legacy systems; pair it with HMAC. CTR is stream-like and efficient but needs a unique IV per message.

What IV length do I need?

Use 12 bytes for GCM and 16 bytes for CBC or CTR. Reusing an IV with the same key weakens security, so generate a fresh IV every time.

Can this tool decrypt AES from other libraries?

Yes, match the mode, key size, padding, IV, and encoding (base64/hex). If the ciphertext is IV:ciphertext, paste it directly; otherwise, provide the IV separately.