What does this AES decryption tool do?

It decrypts AES-encrypted text in your browser using the mode, key, IV, and padding you provide. No data is sent to a server.

Which AES modes and key sizes are supported?

CBC, CTR, and GCM with 128-, 192-, or 256-bit keys. GCM also needs an authentication tag, typically appended or provided separately.

What IV should I use?

GCM commonly uses a 12-byte IV; CBC/CTR use 16 bytes. Never reuse the same IV with the same key, especially for CTR or GCM.

Which input formats work?

Ciphertext and IV can be Base64 or Hex. Ensure the mode, padding, key length, IV, and tag (for GCM) match the original encryption settings.

Test your AI Agents with the all-new Agent to Agent Testing Platform.Learn More

Copied to Clipboard!

Power Your Software Testing with AI and Cloud

Supercharge QA with AI for Faster & Smarter Software Testing

Start free with Google Start free with Email

AES Decryption Online

Q: Do you store my keys or ciphertext?

No. All encryption and decryption happen locally in your browser; nothing is stored or transmitted to LambdaTest.

Advanced Encryption Standard(AES) is a symmetric encryption algorithm. AES encryption is used for securing sensitive but unclassified material by U.S. The AES engine requires a plain-text and a secret key for encryption and same secret key is used again to decrypt it.

What is AES decryption?
AES (Advanced Encryption Standard) is a symmetric cipher. This tool lets you decrypt AES ciphertext by providing the key, mode, IV/nonce, padding, and optional GCM authentication tag. Everything runs in your browser.
How to use the AES decryption tool
Paste your ciphertext (Base64 or Hex). If GCM, include the tag (often appended after the ciphertext) or paste it separately.
Enter the secret key and choose the correct key size (128/192/256 bits).
Provide the IV/nonce (12 bytes for GCM, 16 bytes for CBC/CTR) and select the matching mode and padding.
Click Decrypt to view the plaintext. Copy or download the result for your workflow.
Supported modes and padding
CBC: Use a 16-byte IV and PKCS5/PKCS7 padding. NoPadding isn’t supported in WebCrypto.
CTR: Stream-like; requires a unique 16-byte IV/nonce for every message.
GCM: Authenticated encryption; needs a 12-byte IV/nonce and an auth tag. Include the tag when decrypting.
Tips for successful decryption
Match mode, key length, IV/nonce, padding, and tag (for GCM) exactly to the original encryption.
Verify encodings: ciphertext/IV/tag can be Base64 or Hex—use the correct format switch if available.
Don’t reuse IVs with the same key; generate fresh IVs per encryption.
If decryption fails, double-check tag length (GCM) and that the IV is the right size.
AES best practices

Avoid ECB: ECB leaks patterns; stick to CBC, CTR, or GCM.
Use unique IVs: Generate a fresh IV per encryption; for GCM use 12 bytes, for CBC/CTR use 16 bytes.
Donâ€™t reuse keys across systems: Rotate keys and separate test/prod secrets.
Prefer authenticated encryption: GCM provides integrity; pair CBC/CTR with an HMAC.

Frequently Asked Questions

Which AES mode should I choose?

GCM is recommended because it encrypts and authenticates data. CBC is common for legacy systems; pair it with HMAC. CTR is stream-like and efficient but needs a unique IV per message.

What IV length do I need?

Use 12 bytes for GCM and 16 bytes for CBC or CTR. Reusing an IV with the same key weakens security, so generate a fresh IV every time.

Can this tool decrypt AES from other libraries?

Yes — match the mode, key size, padding, IV, and encoding (base64/hex). If the ciphertext is IV:ciphertext, paste it directly; otherwise, provide the IV separately.