How AES-256-GCM Provides Authenticated Encryption
AES-256-GCM is the encryption algorithm chosen for this utility because it simultaneously achieves two critical security goals: confidentiality and authenticity. Confidentiality means only someone who knows the correct passphrase can read the original text. Authenticity means any attempt to modify the encrypted message will be instantly detected during decryption.
AES stands for Advanced Encryption Standard and the 256 refers to the key length in bits. A longer key exponentially increases the effort required for an attacker to guess it. The GCM part—Galois/Counter Mode—builds on the basic AES block cipher by turning it into a stream cipher while attaching a special authentication tag to every encrypted message.
The Role of the Authentication Tag
During encryption, GCM calculates a short but cryptographically strong tag based on both the ciphertext and any associated data. This tag is bundled together with the initialization vector and the salt in the final base64 output you see. When you attempt to decrypt, the browser recomputes the tag using the provided passphrase and the received ciphertext. If even one bit has been flipped—whether by accident during copy-paste or deliberately by an attacker—the tags will not match and decryption fails with a clear error.
This property protects against many real-world threats. For example, if someone intercepts your encrypted note and tries to change a few words before forwarding it, the recipient will know the message was tampered with. Without authentication, altered ciphertext could silently decrypt to misleading or dangerous content.
Why Not Just AES-CBC or AES-CTR?
Older modes such as CBC provide confidentiality but offer no built-in way to detect tampering. An attacker who understands the format can sometimes flip bits to produce predictable changes in the decrypted text. Counter mode improves performance but still lacks integrity protection. GCM solves both problems efficiently in modern browsers, which is why it has become the recommended choice for new applications that need strong security without complexity.
In this utility the entire GCM process—including tag verification—runs through the Web Crypto API, a carefully audited browser feature available in all major browsers. You get military-grade encryption without installing software or trusting external services.
Mastering passphrase selection and safe handling of the resulting ciphertext will further strengthen your protection. Those topics are covered in upcoming articles.