What is AES-256-GCM?
AES-256-GCM is a symmetric encryption algorithm that combines the Advanced Encryption Standard with a 256-bit key and Galois/Counter Mode, providing both data confidentiality and built-in integrity verification in a single operation.
AES (Advanced Encryption Standard) is the most widely adopted symmetric encryption algorithm in the world, approved by NIST and used by governments, financial institutions, and security-critical applications globally. The "256" refers to the key length in bits, which determines the number of possible keys an attacker would need to try in a brute-force attack — 2^256 possibilities, a number so large it exceeds the estimated number of atoms in the observable universe.
GCM (Galois/Counter Mode) is an authenticated encryption mode that adds integrity verification on top of the confidentiality provided by AES. Unlike simpler modes like CBC or ECB, GCM produces an authentication tag alongside the ciphertext. This tag allows the recipient to verify that the encrypted data has not been tampered with during storage or transit. If even a single bit of the ciphertext is altered, decryption will fail entirely rather than producing corrupted output.
The combination of AES-256 with GCM is considered one of the strongest authenticated encryption configurations available. It is efficient enough to run in browsers and on mobile devices via hardware acceleration, while providing the security margin expected for protecting classified information. The use of a random initialization vector (IV) for each encryption operation ensures that encrypting the same plaintext twice produces different ciphertext.
How Vaulted uses AES-256-GCM
Vaulted uses AES-256-GCM as its sole encryption algorithm, executed entirely in your browser via the Web Crypto API. When you create a secret, a random 256-bit key and a 12-byte IV are generated client-side. The plaintext is encrypted with AES-256-GCM, producing ciphertext and an authentication tag. Only the ciphertext and IV are sent to the server — the key stays in the URL fragment and never leaves your device. On the recipient side, the authentication tag ensures the ciphertext was not modified while stored on the server.
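The flow described above, sketched with the Web Crypto API as an added example (this is not Vaulted's code). The function names, the example.invalid link format and the base64url encoding of the key in the fragment are assumptions; the block shows what the server would store, where the key lives, and that a single flipped bit makes decryption fail.

```javascript
// Added illustration, not Vaulted's code. Function names, the example.invalid
// URL and the base64url fragment encoding are assumptions.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto; // browser or Node
const b64u = (bytes) =>
  btoa(String.fromCharCode(...bytes)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const unb64u = (s) =>
  Uint8Array.from(atob(s.replace(/-/g, "+").replace(/_/g, "/")), (c) => c.charCodeAt(0));

async function createSecret(plaintext) {
  const key = await wc.subtle.generateKey(
    { name: "AES-GCM", length: 256 }, true, ["encrypt", "decrypt"]);
  const iv = wc.getRandomValues(new Uint8Array(12)); // fresh 12-byte IV per encryption
  // Web Crypto returns ciphertext with the 16-byte authentication tag appended.
  const sealed = new Uint8Array(await wc.subtle.encrypt(
    { name: "AES-GCM", iv }, key, new TextEncoder().encode(plaintext)));
  const rawKey = new Uint8Array(await wc.subtle.exportKey("raw", key));
  return {
    upload: { iv: b64u(iv), ciphertext: b64u(sealed) },   // all the server stores
    link: "https://example.invalid/s/ID#" + b64u(rawKey), // fragment is not sent in HTTP requests
  };
}

async function openSecret(link, stored) {
  const rawKey = unb64u(new URL(link).hash.slice(1));
  const key = await wc.subtle.importKey("raw", rawKey, { name: "AES-GCM" }, false, ["decrypt"]);
  // decrypt() rejects if the tag does not match; no partial plaintext is returned.
  const plain = await wc.subtle.decrypt(
    { name: "AES-GCM", iv: unb64u(stored.iv) }, key, unb64u(stored.ciphertext));
  return new TextDecoder().decode(plain);
}

// Simulate a modification while stored: flip one bit of the ciphertext.
function flipBit(stored) {
  const bytes = unb64u(stored.ciphertext);
  bytes[0] ^= 1;
  return { ...stored, ciphertext: b64u(bytes) };
}

async function demo() {
  const { upload, link } = await createSecret("db-password: constructed-sample");
  const ok = await openSecret(link, upload);
  const tampered = await openSecret(link, flipBit(upload))
    .then(() => "accepted", () => "rejected");
  // overhead is the tag length: stored bytes minus (ASCII) plaintext bytes
  return { ok, tampered, overhead: unb64u(upload.ciphertext).length - ok.length };
}

demo().then((result) => console.log(result));
```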