Handling Large Messages with AES-GCM
AES-GCM is designed to be efficient across a wide range of message sizes. In theory the specification supports messages up to approximately sixty-four gigabytes before the counter wraps. In practice, browser-based tools face memory, performance, and user experience constraints that impose much lower practical limits.
Most client-side AES-GCM implementations, including the utility discussed here, cap input sizes at one million characters. This corresponds roughly to one megabyte of UTF-8 encoded text. The limit balances security, speed, and browser stability. Encrypting or decrypting one megabyte of data typically takes less than one second on modern desktop or mobile hardware, making the experience feel instantaneous.
Why One Megabyte Is a Practical Ceiling
Browser memory is shared across tabs and processes. Processing several megabytes of data in a single cryptographic operation can cause noticeable slowdowns or memory pressure, especially on lower-end devices. Large inputs also increase the risk of tab suspension or out-of-memory errors during long-running operations.
Additionally, base64 encoding inflates ciphertext size by approximately thirty-three percent. A one-megabyte plaintext produces roughly one point three three megabytes of base64 output, which users must copy and paste. Keeping outputs manageable improves usability.
Performance Characteristics
Encryption and decryption scale linearly with message length. Small messages under one kilobyte complete in a few milliseconds. Messages around one hundred kilobytes remain well under two hundred milliseconds. Even at the one-megabyte boundary, total processing time rarely exceeds eight hundred milliseconds on average consumer laptops or recent smartphones.
The Web Crypto API benefits from hardware acceleration for AES operations in most browsers, ensuring consistent performance across platforms.
Tips for Working with Larger Messages
When handling documents approaching the limit, break content into logical chunks if possible and encrypt them separately with unique nonces. This approach maintains security while reducing peak memory usage. Always test performance on target devices before relying on large-message support in production scenarios.
For extremely large files, consider chunked or streaming encryption in dedicated applications rather than browser-based tools. The one-megabyte limit provides an excellent trade-off for most personal and small-document use cases.
Respecting practical size constraints ensures AES-GCM remains fast, reliable, and user-friendly in the browser.