Cifrar / Descifrar Texto

Cifrado y descifrado AES-256-GCM usando la Web Crypto API — 100% del lado del cliente, sin envío de datos

Uses AES-256-GCM with PBKDF2 (100,000 iterations, SHA-256). Salt and IV are randomly generated and embedded in the output. All processing happens in your browser — nothing is sent to any server.

Cifrar / Descifrar Texto

Cifrado y descifrado AES-256-GCM usando la Web Crypto API — 100% del lado del cliente, sin envío de datos

Características

  • AES-256-GCM encryption via WebCrypto SubtleCrypto.encrypt
  • Password-based key derivation: PBKDF2 + SHA-256 with 100,000 iterations
  • Random salt (16 bytes) + IV (12 bytes) per encryption — bundled with the ciphertext in base64
  • Authenticated encryption — tampering with the ciphertext fails decryption rather than returning garbled plaintext
  • Runs entirely in your browser; nothing is sent to a server

Cómo usar

  1. Select Encrypt or Decrypt mode.
  2. Enter your text and a strong password.
  3. Click the button to process.
  4. Copy the output and share it securely.
  5. To decrypt, paste the encrypted text and enter the same password.

Consejos y buenas prácticas

  • AES-GCM is authenticated encryption — both confidentiality AND integrity in one primitive.
  • PBKDF2 with 100k iterations slows brute-force on weak passwords by ~100k×. Pick a strong password regardless.
  • Salt and IV are randomised per encryption, so encrypting the same text twice with the same password produces different output (correct, expected).
  • For sharing the encrypted blob: the recipient needs the password out-of-band (chat, voice, paper) — encryption is useless if you send the password alongside.
  • For very long-term archival, consider OpenPGP via gnupg / age — those have wider ecosystem support than a one-off WebCrypto blob.

Preguntas frecuentes

How secure is this encryption?

Very secure. It uses AES-256-GCM with PBKDF2 key derivation (100,000 iterations). This is the same standard used by government and financial institutions.

Can you decrypt my text if I lose my password?

No. The password never leaves your browser and we have no way to recover it. Keep your password safe.

Is my data sent to a server?

No. All encryption and decryption happens entirely in your browser using the Web Crypto API. Nothing is transmitted.

Herramientas relacionadas

Password GeneratorHash GeneratorJWT Decoder & VerifierPassword Strength CheckerSecure Note SharerFile Hash VerifierJWT GeneratorCSP Header GeneratorSRI Hash GeneratorX.509 / SSL Certificate DecoderPGP Encrypt, Decrypt & Generate KeysIP Address FinderCSV Cleaner & NormalizerMarkdown PreviewerAPI Rate Limiting CalculatorXML ⇄ JSON ConverterCSV ⇄ JSON ConverterUnit Converter