JSONToTable

Loading AES IV/Nonce Generator...

How to Use AES IV/Nonce Generator

Generate one or more random IV/nonce values based on your AES mode requirements.

Step 1

Choose IV/Nonce Target

Pick AES-GCM nonce, AES-CBC IV, AES-CTR counter, or a custom byte length. Different AES modes expect different value sizes, so this selection must match your encryption mode. For official guidance, review NIST SP 800-38A and NIST SP 800-38D.

-
AES-GCM: typically 12-byte nonce for best interoperability.
-
AES-CBC: 16-byte IV (same as AES block size).
-
AES-CTR: 16-byte counter/nonce value in most implementations.

Example: Recommended Lengths

AES-GCM nonce -> 12 bytes
AES-CBC IV    -> 16 bytes
AES-CTR value -> 16 bytes
Step 2

Set Count and Output Format

Generate multiple random values at once in HEX, Base64, or both formats. Use HEX for low-level crypto libraries and Base64 for API payload transport. Browser-safe randomness is generated using crypto.getRandomValues().

-
Use HEX when integrating with language crypto libraries.
-
Use Base64 for API requests and JSON payload fields.
-
Generate batch values when preparing test fixtures or load-test scenarios.

Example: Batch Output

#1 (hex): 9f8d4a2bc61301ecde71c4a9
#2 (hex): 1ac2de4498f72a0a11f3a7c2
#3 (hex): d4ab90f2d3cc8e7100ba3e1f
Step 3

Copy, Download, and Verify

Copy values directly to clipboard or download as text for config use. If your backend expects Base64, avoid manual re-encoding mistakes by using values exactly as generated. For encoding rules, see RFC 4648.

-
Copy one value for immediate encryption request testing.
-
Download all generated values to share with your implementation team.
-
Record the exact mode (GCM/CBC/CTR) alongside each generated value.
Step 4

Apply Safe Reuse Rules

Never reuse the same IV/nonce with the same key across encryptions, especially for GCM and CTR. For secure system design practices, follow OWASP cryptographic storage guidance and refer to your platform's Web Crypto API behavior.

Frequently Asked Questions

What is the difference between IV and nonce?

Both are non-secret random values used during encryption. Terminology differs by mode: CBC typically uses IV, while GCM/CTR often use nonce/counter.

Can I reuse the same nonce with AES-GCM?

No. Reusing a nonce with the same key in GCM can break security guarantees. Always generate a new nonce for each encryption as highlighted in NIST SP 800-38D.

What length should I use for GCM nonce?

12 bytes is the standard and most interoperable value for AES-GCM implementations.

What length should I use for CBC IV and CTR counter?

AES block size is 16 bytes, so CBC IV and CTR counter values are typically 16 bytes.

Is this value secret like an AES key?

No, IV/nonce values are usually transmitted with ciphertext. They must be unique/unpredictable, but they do not need to be kept secret.

Can I generate multiple values at once?

Yes. This page supports batch generation so you can quickly prepare test vectors and configuration values.

Related Tools

AES Encryption

AES encryptor online - Encrypt text, JSON, and files with AES-128 or AES-256. Support for CBC, GCM, and CTR cipher modes. Military-grade encryption with automatic key generation.

AES Decryption

AES decryptor online - Decrypt AES-encrypted data with AES-128 or AES-256. Support for CBC, GCM, and CTR modes. Restore your encrypted files securely.

AES Key & IV Generator

Generate secure AES-128 or AES-256 encryption keys and initialization vectors (IV) in hex or Base64 format.

AES-GCM Encrypt/Decrypt

Encrypt and decrypt data specifically in AES-GCM mode with AES-128 or AES-256 and Base64 ciphertext output.

AES-CBC Encrypt/Decrypt

Encrypt and decrypt data specifically in AES-CBC mode with AES-128 or AES-256 and Base64 ciphertext output.

AES-CTR Encrypt/Decrypt

Encrypt and decrypt data specifically in AES-CTR mode with AES-128 or AES-256 and Base64 ciphertext output.