What is AES-256-CBC + HMAC encryption?

AES-256-CBC + HMAC combines AES-256 in Cipher Block Chaining mode (a classic block cipher) with HMAC-SHA256 for message authentication. This 'Encrypt-then-MAC' construction uses two separate keys: one for encryption and one for authentication, providing both confidentiality and integrity protection.

How does CBC mode work?

CBC (Cipher Block Chaining) mode encrypts data in 16-byte blocks, where each block is XORed with the previous ciphertext block before encryption. This creates a chain where each block depends on all previous blocks. An Initialization Vector (IV) starts the chain, and PKCS7 padding ensures the last block is complete.

Why is HMAC needed with CBC mode?

CBC mode alone only provides confidentiality, not integrity. Without authentication, attackers could modify ciphertext in ways that produce predictable changes in plaintext (bit-flipping attacks). HMAC-SHA256 creates a cryptographic signature that detects any tampering, ensuring both confidentiality and integrity.

When should I use CBC+HMAC instead of GCM?

CBC+HMAC is preferred when you need maximum compatibility with older systems, require explicit key separation, or want the most battle-tested construction. It's widely supported across all platforms and languages. GCM is faster and simpler but CBC+HMAC's long track record makes it a conservative, reliable choice.

Is my data sent to any server?

No, absolutely not. All encryption and decryption happens entirely in your browser using the Web Crypto API. Your data, passwords, and encrypted results never leave your device. You can even use this tool offline after the page loads.

What is PKCS7 padding?

PKCS7 padding is a standard method to pad data to a multiple of the block size (16 bytes for AES). It adds bytes equal to the number of padding bytes needed. For example, if 5 bytes are needed, it adds 5 bytes each with the value 0x05. This is automatically handled during encryption and removed during decryption.

AES-256-CBC + HMAC-SHA256 Encryption

Classic block cipher encryption with separate message authentication. Encrypt-then-MAC design with PKCS7 padding.

🔐 Your Data is Fully Protected

Your data is fully protected using military-grade AES-256 encryption. We never store your data, passwords, or encrypted results anywhere on our website or in any database.

About This Algorithm

Encryption: AES-256-CBC

Cipher Block Chaining mode
256-bit encryption key
16-byte random IV per encryption
PKCS7 padding (automatic)

Authentication: HMAC-SHA256

Separate key for authentication
HMAC covers salt + IV + ciphertext
Encrypt-then-MAC for security
Prevents padding oracle attacks

Text to Encrypt

Password *

Use Password Generator

Remember this password - you'll need it to decrypt the data

Output Format

About AES-256-CBC + HMAC-SHA256 Encryption

AES-256-CBC + HMAC-SHA256 is the classic block cipher encryption with authentication. CBC (Cipher Block Chaining) is one of the oldest and most battle-tested encryption modes, used for decades in SSL/TLS, disk encryption, and countless other applications. Combined with HMAC-SHA256 in an Encrypt-then-MAC construction, it provides robust security with maximum compatibility across platforms and legacy systems.

Technical Specifications

Encryption Algorithm

AES-256-CBC (Cipher Block Chaining) encrypts data in 16-byte blocks. Each plaintext block is XORed with the previous ciphertext block before encryption, creating a chain that prevents pattern leakage.

Authentication (HMAC)

HMAC-SHA256 computes a 256-bit authentication tag over the ciphertext, IV, and salt. This Encrypt-then-MAC approach prevents padding oracle attacks and detects any tampering.

PKCS7 Padding

Since CBC requires data to be a multiple of 16 bytes, PKCS7 padding is applied. Each padding byte contains the number of bytes added (e.g., 5 bytes of value 0x05). This is automatically handled.

Key Derivation

PBKDF2-HMAC-SHA256 with 100,000 iterations. Two separate 256-bit keys are derived: one for AES encryption and one for HMAC, ensuring cryptographic key separation.

How CBC Mode Works

1. Initialization: A random 128-bit Initialization Vector (IV) starts the chain. The IV doesn't need to be secret but must be unique for each encryption with the same key.

2. Block Chaining: Each 16-byte plaintext block is XORed with the previous ciphertext block (or IV for the first block), then encrypted with AES-256. This creates dependencies between blocks.

3. Padding: If the plaintext isn't a multiple of 16 bytes, PKCS7 padding adds bytes until it is. The padding value indicates how many bytes were added.

4. Authentication: After encryption, HMAC-SHA256 is computed over (salt || IV || ciphertext) using a separate MAC key. This tag is verified before decryption.

Why Use CBC+HMAC?

✓ Advantages

• Maximum compatibility: Works with virtually all systems
• Battle-tested: Decades of cryptanalysis and real-world use
• Key separation: Independent encryption and MAC keys
• Widely understood: Extensive documentation and tooling
• Proven security: Encrypt-then-MAC is formally verified

⚠ Considerations

• Requires PKCS7 padding (slightly larger output)
• Sequential encryption (no parallelization)
• Must verify HMAC before decrypting (critical!)
• Two-pass processing (encrypt, then MAC)
• Padding oracle attacks possible if HMAC not verified first

🔐 Why Encrypt-then-MAC?

This construction verifies the HMAC before attempting decryption. This is critical for CBC mode because it prevents padding oracle attacks—a class of attacks where an attacker can decrypt ciphertext by observing whether decryption succeeds or fails. By verifying the MAC first, we never even attempt to decrypt tampered data.

Comparison with Other Modes

Feature	AES-GCM	CTR+HMAC	CBC+HMAC
Cipher Type	Stream (CTR-based)	Stream cipher	Block cipher
Padding Required	No	No	Yes (PKCS7)
Parallelizable	Yes	Yes	Decrypt only
Compatibility	Modern systems	Most systems	Universal
Best For	Speed, modern protocols	Key separation	Legacy, maximum compatibility

How Your Data is Protected

This tool uses secure server-side processing with the industry-standard AES-256-CBC encryption algorithm combined with HMAC-SHA256 for message authentication. The implementation follows the Encrypt-then-MAC pattern: encryption is performed first, then HMAC is computed over the complete ciphertext including IV and salt. During decryption, the HMAC is verified before any attempt to decrypt, preventing padding oracle attacks. Your data is fully protected during transmission and processing—we never store your plaintext, password, or encrypted results anywhere on our website or in any database. All data is processed in isolated memory and immediately discarded after your encryption/decryption is complete.

Try Other Encryption Methods

AES-256-GCMRecommended

Fastest AEAD with built-in authentication

XChaCha20-Poly1305

Modern cipher with Argon2id KDF

AES-256-CTR+HMAC

Stream cipher with key separation

View all encryption methods