AES Decryptor

Size: 0 B, 0 characters
Switch to Encryptor
Size: 0 B, 0 characters

Free AES Decryption Online

What is AES Decryption?

AES decryption reverses AES encryption when you have the correct key or password. If the password is wrong, or if the encrypted data has been changed, AES-GCM decryption fails instead of returning misleading text.

This AES decryptor is designed for encrypted JSON bundles produced by the UPREK AES Encryptor.

What is an AES Decryptor?

An AES decryptor takes ciphertext and the original password, derives the same AES key, and attempts to recover the plaintext. This tool reads the JSON bundle, extracts the salt, IV, KDF settings, and ciphertext, then decrypts locally in your browser.

The password must match the password used during encryption.

Supported Format

This tool supports version 1 AES-GCM bundles:

{
  "v": 1,
  "alg": "AES-GCM",
  "kdf": "PBKDF2",
  "hash": "SHA-256",
  "iterations": 600000,
  "keyLength": 256,
  "salt": "base64",
  "iv": "base64",
  "ciphertext": "base64"
}

It does not decrypt arbitrary AES-CBC, AES-CTR, OpenSSL, or CryptoJS formats.

How to Use This AES Decryption Tool

  1. Paste the encrypted JSON bundle into the input field.
  2. Enter the password used during encryption.
  3. Click Decrypt.
  4. Read the decrypted plaintext from the result field.

If decryption fails, check that the JSON is complete and that the password is exactly the same as the encryption password.

Data as Parameter

You can pre-fill only the encrypted input with the ?input= query parameter:

https://www.uprek.com/en/tools/aes-decryptor?input=%7B%22v%22%3A1%7D

The password is intentionally not supported as a URL parameter. Passwords in URLs can be saved in browser history, logs, analytics tools, screenshots, and referrer headers. Enter the password manually in the password field.

Large encrypted bundles are usually easier to paste into the page than to place in the URL.

Technical Details and Privacy

The decryptor uses crypto.subtle.deriveKey() with PBKDF2-HMAC-SHA-256, then calls crypto.subtle.decrypt() with AES-GCM. The authentication tag is included in the Web Crypto ciphertext output.

Your encrypted input and password are processed locally in the browser. The static UPREK page does not need a runtime server to decrypt the data.

Troubleshooting

  • Invalid JSON: The encrypted bundle was not pasted completely or has extra broken characters.
  • Unsupported bundle: The algorithm, version, key length, or KDF settings do not match this tool.
  • Unable to decrypt: The password may be wrong, or the salt, IV, or ciphertext may have been changed.

Security Notes

AES-GCM is authenticated encryption. Tampered ciphertext should fail to decrypt.

The password is required to recover the plaintext. If the password is lost, the encrypted data cannot be decrypted by this tool.