AES, the Advanced Encryption Standard, is the current U.S. government standard for a symmetric-key encryption algorithm. A symmetric-key algorithm, also known as a secret key algorithm, is a cryp­togra­phy algorithm that uses the same cryp­togra­phic key for both plaintext encryption and ciphertext decryption.

AES has a block size of 128 bits and can have a key size of 128, 192, or 256 bits. AES is defined in the U.S. Federal Information Processing Standard (FIPS) 197 PDF* and it is included in the ISO/IEC 18033-3 standard. It can be implemented in either software or hardware. Modern web browsers provide a low-level interface to cryp­togra­phy functions via the W3C Web Cryp­togra­phy API*. This web app uses a key size of 256 bits, which is currently considered strong enough to protect U.S. government sensitive and important data. In this app, the key is generated from a passphrase by running it through the Password-Based Key Derivation Function 2 (PBKDF2, defined in IETF's RFC 2898*) one million times.

AES in Galois/Counter Mode PDF* or GCM is an authenticated encryption algorithm (AEAD, authenticated encryption with associated data). It provides confidentiality and integrity protection by generating both the ciphertext and an authentication tag in a single pass. During decryption, the ciphertext and the authentication tag are passed through the algorithm. If the calculated and expected authentication tags do not match, decryption fails. Unlike the commonly used CBC mode, GCM is not susceptible to padding oracle attacks PDF*. Nor has it the problems of ECB mode, which can reveal structures in the plaintext*. However, NIST* recom­mends* we should not encrypt more than 232 plaintexts with the same key while using a randomly generated initialization vector IV, like this app does. If we restrict the number of plaintexts to 10000, the probability of an IV collision is less than 2-70.

Bans and restrictions

Some countries have banned the import or use of strong cryp­togra­phy, such as 256 bit AES. No up-to-date list of these countries seems to be available, but we believe the list to include at least Belarus, Brunei Darussalam, China, Colombia, Cuba, Iran, Iraq, Mongolia, Myanmar, North Korea, Russia, Tunisia, Turkmenistan, and Uzbekistan. Some other countries may require a special license. Notice that this app does not contain cryptographic functions, they are provided by your web browser.