Symmetric Encryption - AES-256 / SM4 - Momo Toolbox
Symmetric Encryption
AES-256-GCM/CBC & SM4 local encryption
Symmetric Encryption Tutorial
Choose encrypt or decrypt, an algorithm (AES-GCM recommended / SM4-CBC Chinese standard), and a key source (password or hex). When encrypting, enter plaintext to get base64 ciphertext; when decrypting, enter the base64 ciphertext to get the plaintext back.
The AES key is 32 bytes (256 bits). Password mode derives it with PBKDF2 (100,000 iterations, SHA-256) and a random salt that is embedded in the ciphertext; hex mode requires 64 hex characters.
Implementation Notes:
• Uses native Web Crypto API; keys never leave the browser
• GCM IV is 12 bytes, CBC IV is 16 bytes, both randomly generated
• Password mode: ciphertext = base64(salt[16] + iv + ciphertext), salt embedded
• Hex mode: ciphertext = base64(iv + ciphertext)
• GCM is recommended (authenticated, tamper-detecting); CBC only for legacy compatibility
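The password-mode layout from these notes, base64(salt[16] + iv[12] + ciphertext), as an added example that is not the tool's own code. It assumes AES-256-GCM and that the 16-byte GCM tag is the tail of the ciphertext, as Web Crypto returns it; the function names are hypothetical.

```javascript
// Added example; names are hypothetical, byte layout follows the notes above.
const SALT_LEN = 16, IV_LEN = 12, TAG_LEN = 16, ITERATIONS = 100000;
async function getCrypto() { // browsers and recent Node expose globalThis.crypto
  return globalThis.crypto ?? (await import('node:crypto')).webcrypto;
}
const toB64 = (u8) => btoa(String.fromCharCode(...u8));
const fromB64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));

async function deriveKey(wc, password, salt) {
  const material = await wc.subtle.importKey(
    'raw', new TextEncoder().encode(password), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', salt, iterations: ITERATIONS, hash: 'SHA-256' },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

async function encryptWithPassword(password, plaintext) {
  const wc = await getCrypto();
  const salt = wc.getRandomValues(new Uint8Array(SALT_LEN)); // fresh per message
  const iv = wc.getRandomValues(new Uint8Array(IV_LEN));
  const key = await deriveKey(wc, password, salt);
  const ct = new Uint8Array(await wc.subtle.encrypt(
    { name: 'AES-GCM', iv }, key, new TextEncoder().encode(plaintext)));
  return toB64(Uint8Array.from([...salt, ...iv, ...ct])); // salt | iv | ct+tag
}

async function decryptWithPassword(password, b64) {
  const blob = fromB64(b64);
  if (blob.length < SALT_LEN + IV_LEN + TAG_LEN) throw new Error('ciphertext truncated');
  const wc = await getCrypto();
  const key = await deriveKey(wc, password, blob.subarray(0, SALT_LEN));
  const iv = blob.subarray(SALT_LEN, SALT_LEN + IV_LEN);
  // decrypt() rejects when the tag fails: wrong password or modified bytes
  const pt = await wc.subtle.decrypt(
    { name: 'AES-GCM', iv }, key, blob.subarray(SALT_LEN + IV_LEN));
  return new TextDecoder().decode(pt);
}

async function demo() {
  const sample = 'db_password=示例-constructed'; // constructed sample input
  const b64 = await encryptWithPassword('correct horse', sample);
  const bytes = fromB64(b64);
  bytes[bytes.length - 1] ^= 1; // flip one bit in the GCM tag
  const rejects = (p) => p.then(() => false, () => true);
  return { sample, blobLen: fromB64(b64).length,
    roundTrip: await decryptWithPassword('correct horse', b64),
    tamperDetected: await rejects(decryptWithPassword('correct horse', toB64(bytes))),
    wrongPasswordRejected: await rejects(decryptWithPassword('wrong horse', b64)) };
}
```

The spread-based base64 helper is fine for short strings; large inputs should be encoded in chunks.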
Symmetric Encryption - Use Cases
The symmetric encryption tool is useful for sensitive data transmission, config file encryption, API key protection, database field encryption, etc. It supports both international AES-256 and the Chinese standard SM4: AES for global use, SM4 for compliance with Chinese cryptographic regulations. Both run locally in the browser; keys never leave the device.
Features
- AES-256-GCM: recommended mode with authentication tag, tamper-detecting
- AES-256-CBC: legacy compatibility, no authentication
- SM4-ECB/SM4-CBC: Chinese standard symmetric cipher (GB/T 32907-2016), 128-bit key
- Password-derived: AES uses PBKDF2 (100,000 iterations + SHA-256); SM4 uses SM3 + salt
- Hex key: 64 hex characters for AES, 32 hex characters for SM4 (for advanced users)
- Fully local: Web Crypto API + pure JS SM4, key never leaves the browser
- UTF-8 safe: correctly handles non-ASCII characters like Chinese
FAQ
Will my password be uploaded?
No. All encryption/decryption is done locally in your browser; password and key never leave your device.
How to choose between AES and SM4?
Use AES-256-GCM for international use or when no compliance is required (more secure, authenticated). Use SM4 for Chinese compliance (finance/government/MLPS). Different key lengths: AES 256-bit, SM4 128-bit.
How to choose between GCM and CBC?
GCM is recommended: it has an authentication tag to detect tampering. CBC is only for legacy systems; it has no authentication and is more vulnerable.
What is the ciphertext format?
AES password mode: base64(salt[16] + iv + ciphertext); Hex mode: base64(iv + ciphertext). SM4-CBC password mode: base64(salt[16] + iv[16] + ciphertext); SM4-ECB has no IV.
What if decryption fails?
Check that: 1) the password/key is correct; 2) the algorithm and mode match those used for encryption; 3) the full ciphertext was copied; 4) the correct key source (password/hex) is selected.