What is File Decryptor?

File Decryptor uses the Web Crypto API to decrypt files encrypted with AES-GCM, AES-CBC, AES-CTR, or RSA-OAEP. Your files and keys never leave your device, so you can safely open encrypted attachments or archives.

The decryptor runs four Web Crypto algorithms out of the box: AES-GCM (the default, with built-in integrity check), AES-CBC (legacy but still widely used), AES-CTR (streaming counter mode for OpenSSL aes-ctr files) and RSA-OAEP for files encrypted with a public key. Files with a PBKDF2 salt header (16 bytes) auto-derive a key from your password, and you can switch the PBKDF2 hash between SHA-256 and SHA-512 to match the encrypting tool. Raw key files take hex or Base64. The Verify Integrity check warns you when a corrupted file silently decrypts to garbage.

How to use

1. Upload an encrypted file or paste the ciphertext as Base64 or Hex, then select the algorithm that was used (AES-GCM, AES-CBC, AES-CTR, or RSA-OAEP).
2. Enter or paste the decryption key (password for AES, private key for RSA). For AES, provide the IV/nonce if required.
3. Click Decrypt and download the decrypted file. The tool shows progress for large files and verifies integrity automatically.

When to use

• Opening a password-protected backup or archive you encrypted on another machine.
• Decrypting a sensitive report a colleague shared, without uploading to a third-party service.
• Recovering older AES-CBC encrypted files where you still have the original passphrase.

Result

A security researcher receives an AES-256-GCM encrypted report via email, uploads it along with the shared passphrase, and decrypts the PDF in seconds — all without any server involvement.

FAQ

How does this tool keep my files private?

Every step, from reading the file to deriving the key to decryption, runs locally through the Web Crypto API. Neither the file bytes nor the key are ever sent over the network, so even an encrypted document with sensitive contents stays on your device.

Why does decryption fail even though I'm sure the password is right?

Usually one of four things: wrong algorithm selected (AES-GCM, AES-CBC and AES-CTR look identical from the outside), wrong IV / nonce format (hex vs Base64), a PBKDF2 iteration count different from the standard 100,000, or a PBKDF2 hash mismatch — some tools default to SHA-512 instead of SHA-256. Try toggling the algorithm, the PBKDF2 hash and the IV format first.

What's the difference between AES-GCM and AES-CBC?

GCM is authenticated: if the ciphertext or IV is tampered with, decryption fails loudly. CBC has no built-in integrity check, so a wrong key can give you plausible-looking garbage. Prefer GCM for anything new; use CBC only when you're decrypting old data.

Can I decrypt a file encrypted with another tool like OpenSSL or 7-Zip?

Only if the other tool used one of these four algorithms with compatible key derivation. OpenSSL's default 'enc' format uses a custom EVP_BytesToKey scheme this tool doesn't replicate. 7-Zip's AES-256 is supported only when you re-export the keystream — most users will need 7-Zip itself.

What does the integrity verification actually check?

For AES-GCM, it verifies the authentication tag baked into the ciphertext — a single flipped bit fails the check. For AES-CBC and RSA-OAEP, it checks the PKCS#7 padding of the decrypted output, which catches most but not all corruption.

Related Tools