AES Encrypt

AES (Advanced Encryption Standard) is a symmetric block cipher that encrypts 128-bit blocks using keys of 128, 192, or 256 bits. It applies multiple rounds of substitution, permutation, and mixing operations. AES-256 uses 14 rounds for maximum security.

AES-128: fast, secure for most applications. AES-192: rarely used. AES-256: highest security, required for government/military classified data. AES-128 is sufficient for commercial use. AES-256 adds a safety margin against future quantum computing threats.

ECB: simplest but insecure (identical blocks produce identical ciphertext). CBC: uses IV, each block depends on the previous one. GCM: counter mode with authentication, fastest and most secure. Always use GCM or CBC, never ECB for sensitive data.

An IV is a random value used with CBC and GCM modes to ensure identical plaintexts produce different ciphertexts. IV must be unique per encryption (never reuse with the same key). CBC IV: 16 bytes. GCM nonce: 12 bytes. The tool generates random IVs automatically.

Never hardcode keys in source code. Use environment variables, key management services (AWS KMS, Azure Key Vault), or hardware security modules (HSM). Rotate keys periodically. Use key derivation functions (PBKDF2, Argon2) to derive keys from passwords.