Text Encrypt / Decrypt
AES-256-GCM encryption and decryption using the Web Crypto API — 100% client-side, zero data sent
Text Encrypt / Decrypt
AES-256-GCM encryption and decryption using the Web Crypto API — 100% client-side, zero data sent
Features
- AES-256-GCM encryption via WebCrypto SubtleCrypto.encrypt
- Password-based key derivation: PBKDF2 + SHA-256 with 100,000 iterations
- Random salt (16 bytes) + IV (12 bytes) per encryption — bundled with the ciphertext in base64
- Authenticated encryption — tampering with the ciphertext fails decryption rather than returning garbled plaintext
- Runs entirely in your browser; nothing is sent to a server
How to use
- Select Encrypt or Decrypt mode.
- Enter your text and a strong password.
- Click the button to process.
- Copy the output and share it securely.
- To decrypt, paste the encrypted text and enter the same password.
Tips & Best Practices
- AES-GCM is authenticated encryption — both confidentiality AND integrity in one primitive.
- PBKDF2 with 100k iterations slows brute-force on weak passwords by ~100k×. Pick a strong password regardless.
- Salt and IV are randomised per encryption, so encrypting the same text twice with the same password produces different output (correct, expected).
- For sharing the encrypted blob: the recipient needs the password out-of-band (chat, voice, paper) — encryption is useless if you send the password alongside.
- For very long-term archival, consider OpenPGP via gnupg / age — those have wider ecosystem support than a one-off WebCrypto blob.
FAQ
How secure is this encryption?
Very secure. It uses AES-256-GCM with PBKDF2 key derivation (100,000 iterations). This is the same standard used by government and financial institutions.
Can you decrypt my text if I lose my password?
No. The password never leaves your browser and we have no way to recover it. Keep your password safe.
Is my data sent to a server?
No. All encryption and decryption happens entirely in your browser using the Web Crypto API. Nothing is transmitted.
What encryption algorithm does this tool use?
This tool uses AES-256 in GCM mode (Galois/Counter Mode), which provides both confidentiality and integrity. Keys are derived from your password using PBKDF2 with 100,000 iterations and a per-message salt, making brute-force attacks computationally expensive.
Can I share encrypted text safely over email or chat?
Yes, the encrypted output is plain text (Base64-encoded ciphertext with embedded salt and IV), so it can be pasted into any messaging channel. Just remember to share the password through a separate, secure channel — never include it alongside the ciphertext.
How long does encryption and decryption take?
Both operations are nearly instantaneous for typical text sizes (under a few megabytes), running on the Web Crypto API which is hardware-accelerated in modern browsers. Very large inputs (tens of MB+) may take a couple of seconds because PBKDF2 key derivation is intentionally slow.
Is this suitable for storing passwords or secrets long-term?
It works for long-term storage as long as your password is strong and stored separately. For team-wide secret management, however, dedicated vaults (1Password, Bitwarden, HashiCorp Vault) are a better fit since they handle key rotation, audit logs, and access control.