January Sale - Secure Your Passwords
NordPass

Free AES Key Generator

Generate cryptographically random AES keys at 128, 192, or 256 bits. Output in hex, base64, or URL-safe base64. Runs in your browser via the native crypto.getRandomValues()API — the key never touches a network.

256-bit AES key (32 bytes). Generated locally using crypto.getRandomValues.

AES key size — which to pick

  • AES-128 — 128-bit key. Believed unbreakable by classical computers; some headroom against future cryptanalysis.
  • AES-192 — rarely used. Middle option for compliance with older standards.
  • AES-256 — 256-bit key. The modern default. Approved for TOP SECRET classified data; resists hypothetical quantum attacks better than AES-128 (Grover’s algorithm reduces effective strength to half the key length).

Pairing with a mode of operation

Don’t use raw AES — pair it with a mode like GCM, OCB, or CCM. GCM is the most common modern choice: it provides both confidentiality and authentication in one pass. Never use ECB (it leaks patterns) and avoid CBC for new code (vulnerable to padding-oracle attacks).

You will also need an Initialisation Vector (IV) / Nonce — typically 12 random bytes for GCM, 16 for CBC. Generate one with our random string generator.

Frequently asked questions

AES (Advanced Encryption Standard) is the most widely-used symmetric encryption algorithm in the world. It comes in three key sizes — 128, 192, and 256 bits. AES-128 is fine for almost everyone; AES-256 has a larger safety margin against future cryptanalysis and is the default for new systems.

AES-256 is the modern default. It is the only AES variant approved for U.S. government TOP SECRET data and is what TLS, disk encryption, and password managers use by default. The performance cost vs AES-128 is negligible on modern CPUs with AES-NI.

Functionally identical at the same key size. Hex is more compatible (only 0-9, a-f) and easier to inspect by eye. base64 is shorter — 256 bits is 64 hex chars vs 44 base64 chars. Pick whatever your library expects.

Yes. Import as raw bytes — decode the hex/base64 first — then crypto.subtle.importKey("raw", bytes, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]).

Yes. The key is generated entirely in your browser using crypto.getRandomValues, which is the cryptographic-grade RNG. Nothing is sent to a server.

Related tools

NordVPN