SJCL Standalone AES [Advanced Encryption Standard] Tool

Choose a strong, random password.

Salt adds more variability to your key, and prevents attackers from using rainbow tables to attack it.

Strengthening makes it slower to compute the key corresponding to your password. This makes it take much longer for an attacker to guess it.

128 bits should be secure enough, but you can generate a longer key if you wish.

This key is computed from your password, salt and strengthening factor. It will be used internally by the cipher. Instead of using a password, you can enter a key here directly. If you do, it should be 32, 48 or 64 hexadecimal digits (128, 192 or 256 bits).

The cipher mode is a standard for how to use AES and other algorithms to encrypt and authenticate your message. OCB2 mode is slightly faster and has more features, but CCM mode has wider support because it is not patented.

The IV needs to be different for every message you send. It adds randomness to your message, so that the same message will look different each time you send it.

Be careful: CCM mode doesn't use the whole IV, so changing just part of it isn't enough.

SJCL adds a an authentication tag to your message to make sure nobody changes it. The longer the authentication tag, the harder it is for somebody to change your encrypted message without you noticing. 64 bits is probably enough.

These parameters are required to decrypt your message later. If the person you're sending the message to knows them, you don't need to send them so your message will be shorter.

Default parameters won't be sent. Your password won't be sent, either. The salt and iv will be encoded in base64 instead of hex, so they'll look different from what's in the box.