
Encryption Keys and AES-128/192/256

Generate Secret Keys team, June 3, 2026

Encryption turns readable data into ciphertext that only someone with the right key can reverse. The Advanced Encryption Standard (AES) is the symmetric cipher behind most of it — disk encryption, TLS, messaging, database fields. "Symmetric" means the same key both encrypts and decrypts, so protecting that key is the whole game.

AES-128 vs AES-192 vs AES-256

The number is the key length in bits. All three are considered secure; the difference is the size of the key and the number of internal rounds.

  • AES-128 — 16-byte key, 10 rounds. Already beyond brute-force reach.
  • AES-192 — 24-byte key, 12 rounds.
  • AES-256 — 32-byte key, 14 rounds. The common default and a requirement in many compliance regimes; also the conservative choice against future (including quantum) advances.

AES-128 is not "weak" — no practical brute-force attack exists — but AES-256 costs little extra and provides more margin, which is why it's the usual recommendation.

The key is not enough: modes, IVs, and nonces

AES alone encrypts a single 16-byte block. To encrypt real data you use a mode of operation. Prefer an authenticated mode like AES-GCM, which provides both confidentiality and tamper detection.

  • IV / nonce. An initialization vector (or nonce) ensures that encrypting the same plaintext twice yields different ciphertext. For AES-GCM it is 96 bits (12 bytes). It does not need to be secret, but it must be unique per encryption with the same key — reusing a GCM nonce is catastrophic.
  • Auth tag. GCM produces a tag that verifies the ciphertext wasn't altered. Always check it on decryption.

Where salts come in

If your key is derived from a password rather than generated randomly, you use a key-derivation function (PBKDF2, scrypt, or Argon2) with a random salt. The salt makes each derived key unique and defeats precomputation. Store the salt and IV alongside the ciphertext — both are fine to keep in the clear; only the password/key stays secret.

Generating and storing keys

  • Generate from a CSPRNG. A 256-bit AES key is 32 random bytes from a secure source.
  • Store separately from data. Keep keys in a secrets manager or KMS, not next to the database they protect.
  • Plan rotation. Version your keys so you can rotate without losing access to older ciphertext.
  • One key, one purpose. Don't reuse an encryption key as a signing or JWT secret.
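
The pieces from the sections above (a CSPRNG key, a fresh 96-bit nonce per message, the GCM tag check, and a salted password-derived key) fit together as in this Node.js sketch. It is an added example, not code from this article or its generator; the function names and the salt | nonce | tag | ciphertext layout are assumptions, and scrypt runs with Node's default cost parameters.

```javascript
// Added example, not from the original article. Function names and the
// blob layouts are assumptions made for illustration.
const crypto = require('node:crypto');

const KEY_LEN = 32;   // AES-256 key
const NONCE_LEN = 12; // 96-bit GCM nonce
const TAG_LEN = 16;   // 128-bit auth tag
const SALT_LEN = 16;  // 128-bit KDF salt

// Random key: 32 bytes straight from the CSPRNG.
const generateKey = () => crypto.randomBytes(KEY_LEN);

// Encrypts and returns nonce | tag | ciphertext. The nonce is fresh per call,
// so the same plaintext never produces the same blob under one key.
function seal(key, plaintext) {
  const nonce = crypto.randomBytes(NONCE_LEN);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// Decrypts a blob from seal(). final() throws if the tag does not verify,
// so tampered data never reaches the caller.
function unseal(key, blob) {
  if (blob.length < NONCE_LEN + TAG_LEN) throw new Error('blob too short');
  const nonce = blob.subarray(0, NONCE_LEN);
  const tag = blob.subarray(NONCE_LEN, NONCE_LEN + TAG_LEN);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, nonce,
    { authTagLength: TAG_LEN });
  decipher.setAuthTag(tag);
  const body = blob.subarray(NONCE_LEN + TAG_LEN);
  return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
}

// Password path: scrypt with a random salt, stored in the clear before the blob.
function sealWithPassword(password, plaintext) {
  const salt = crypto.randomBytes(SALT_LEN);
  const key = crypto.scryptSync(password, salt, KEY_LEN);
  return Buffer.concat([salt, seal(key, plaintext)]);
}

function unsealWithPassword(password, blob) {
  if (blob.length < SALT_LEN) throw new Error('blob too short');
  const key = crypto.scryptSync(password, blob.subarray(0, SALT_LEN), KEY_LEN);
  return unseal(key, blob.subarray(SALT_LEN));
}
```

A wrong password and a modified blob fail the same way: the tag check in `unseal` throws before any plaintext is returned.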

Generate an AES key now

The Encryption tab generates 128-, 192-, and 256-bit keys as hex, Base64, Base64URL, or byte arrays, with options to include a 96-bit IV and a 128-bit salt — all created locally in your browser.
