Tools / AES Decryptor
AES Decryptor (CBC, GCM, CTR, ECB)
Decrypt AES ciphertexts when you already have the key. Supports the four common modes, accepts hex / base64 / UTF-8 inputs for each field, and shows the plaintext as UTF-8, hex, and base64 simultaneously. Built on the browser’s Web Crypto API; nothing is sent to a server.
Picking the right mode
- AES-CBC - 16-byte IV, ciphertext length is a multiple of 16 (PKCS#7 padded). The most common mode in CTF challenges and legacy web apps.
- AES-GCM - 12-byte nonce (sometimes 16), ciphertext = encrypted bytes followed by a 16-byte authentication tag. Browsers expect the tag concatenated to the ciphertext.
- AES-CTR - 16-byte counter (initial counter block), ciphertext is any length (no padding).
- AES-ECB - no IV, ciphertext is a multiple of 16. Reuses the same key for every block, which is why repeated plaintext blocks produce repeated ciphertext blocks. ECB is intentionally insecure but shows up in beginner CTF challenges.
Common mistakes: wrong IV format (hex vs base64), wrong key length (32 hex chars = 16 bytes = AES-128), and forgetting that AES-GCM needs the auth tag concatenated to the ciphertext. If the decrypt errors with OperationError the most likely culprits are key length, IV length, or a corrupted ciphertext.
For challenges where you do not have the key, you may need to attack the cipher construction: padding oracles for AES-CBC, IV reuse / nonce reuse for GCM, repeated-block analysis for ECB. The dedicated decrypt tools complement (rather than replace) the XOR Cipher and RSA Calculator for asymmetric setups.