JSONToTable

Loading OpenSSL AES Tool...

How to Use OpenSSL AES Encrypt/Decrypt Tool

Compatible with OpenSSL salted payloads produced by `openssl enc -pbkdf2`.

Step 1

Choose Operation and Mode

Select whether to encrypt or decrypt and choose OpenSSL mode. This page matches OpenSSL salted payload format from `openssl enc`.

Supported modes: aes-128-cbc and aes-256-cbc.
PBKDF2 hash: SHA-256.
Salt format: OpenSSL `Salted__` header with 8-byte salt.

Example: Plain Input

db_password=Prod#2026
region=us-east-1
Step 2

Set Passphrase and Iterations

Enter passphrase and PBKDF2 iterations (default 10000). For encryption, salt can be regenerated. PBKDF2 behavior follows RFC 8018.

Higher iteration count increases brute-force resistance.
Use the same passphrase/mode/iterations for decryption.
Input ciphertext must be valid OpenSSL salted Base64.

Example: Salted Payload Prefix

U2FsdGVkX1...  (Base64 for "Salted__" + salt + ciphertext)
Step 3

Copy or Download Output

Use output in scripts, APIs, or CLI workflows.

Copy directly to clipboard for terminal usage.
Download output as text file for offline workflows.
For generic browser AES workflows, also use AES Encryption.
Step 4

Validate Compatibility

Ensure passphrase, iterations, mode, and payload format are identical across systems. Base64 handling should follow RFC 4648 and key storage should follow OWASP storage guidance.

Example: OpenSSL-Compatible Base64

U2FsdGVkX18M2HnqU+f9l7A33bOaP9hWbVJ9kXyUT4rL2WQmX2A=

Frequently Asked Questions

Is this compatible with OpenSSL CLI?

Yes, for OpenSSL AES-CBC flows using `enc -pbkdf2` salted payloads with matching mode and iteration count.

Why does decryption fail?

Common causes are wrong passphrase, mode mismatch, wrong iteration count, or non-OpenSSL salted ciphertext format.

Which modes are supported?

This page supports `aes-128-cbc` and `aes-256-cbc` in OpenSSL PBKDF2 salted format.

Does data leave my browser?

No. Encryption and decryption run client-side in your browser.

Related Tools

AES Encryption

AES encryptor online - Encrypt text, JSON, and files with AES-128 or AES-256. Support for CBC, GCM, and CTR cipher modes. Military-grade encryption with automatic key generation.

AES Decryption

AES decryptor online - Decrypt AES-encrypted data with AES-128 or AES-256. Support for CBC, GCM, and CTR modes. Restore your encrypted files securely.

AES Key & IV Generator

Generate secure AES-128 or AES-256 encryption keys and initialization vectors (IV) in hex or Base64 format.

AES-GCM Encrypt/Decrypt

Encrypt and decrypt data specifically in AES-GCM mode with AES-128 or AES-256 and Base64 ciphertext output.

AES-CBC Encrypt/Decrypt

Encrypt and decrypt data specifically in AES-CBC mode with AES-128 or AES-256 and Base64 ciphertext output.

AES-CTR Encrypt/Decrypt

Encrypt and decrypt data specifically in AES-CTR mode with AES-128 or AES-256 and Base64 ciphertext output.