Logo

Text Encryption & Decryption

Securely encrypt and decrypt text in your browser (AES-GCM/AES-CBC, PBKDF2).

Input Text

Characters: 0

Encryption Settings

What is encryption and decryption?

Encryption turns readable text ("plaintext") into unreadable text ("ciphertext") using a secret password. Decryption turns the ciphertext back into the original readable text using the same password. If the password or settings are wrong, decryption fails.

How this tool protects your text

  • Algorithms: AES-GCM (recommended) or AES-CBC.
  • Password-based key: Your password is stretched into a strong key using PBKDF2 with SHA-256 and many iterations.
  • Salt: Random bytes used during key stretching to prevent precomputed attacks.
  • IV (Initialization Vector): Random bytes required by AES to ensure unique ciphertext each time.
  • Everything stays in your browser: No data is uploaded.

Quick start

  1. Type or paste your text into Input Text.
  2. Choose Algorithm (AES-GCM) and Key Size (256-bit).
  3. Enter a strong Password.
  4. Leave Salt and IV set to Auto-generate.
  5. Ensure Bundle metadata (salt + IV) is checked for easiest sharing.
  6. Click Encrypt. Your ciphertext appears in Output.
  7. To decrypt later, paste the ciphertext, enter the same password, and click Decrypt.

Examples

1) Simple encryption with defaults (recommended)

  1. Input Text: Hello, world!
  2. Algorithm: AES-GCM, Key Size: 256-bit
  3. Password: myStrong#Passw0rd
  4. Salt: Auto-generate, IV: Auto-generate
  5. I/O Encoding: Base64; Bundle metadata: enabled
  6. Click Encrypt. Copy or Download the Output.

Later, to decrypt: paste the Output back, enter the same password, click Decrypt. Because metadata is bundled, you don't need Salt or IV.

2) Provide your own Salt and IV (advanced)

  1. Uncheck Auto-generate for Salt and IV.
  2. Enter Salt (hex), e.g. 1f2e3d4c5b6a7980a1b2c3d4e5f60718 (16 bytes = 32 hex chars).
  3. Enter IV (hex):
    • AES-GCM: 12 bytes (24 hex chars)
    • AES-CBC: 16 bytes (32 hex chars)
  4. Encrypt. Save the Output and write down the exact Salt and IV you used.

To decrypt, you must use the same password, same algorithm, and provide the same Salt and IV if metadata was not bundled.

3) Decrypting a bundled message you received

  1. Paste the received ciphertext in Input Text.
  2. Enter the shared Password.
  3. Click Decrypt.

If it was created with Bundle metadata, the tool reads Salt/IV automatically. If decryption fails, confirm the password and encoding (Base64/Hex) match the sender's.

4) Decrypting a non-bundled message

  1. Paste the ciphertext.
  2. Enter the Password.
  3. Select the correct Algorithm and Key Size.
  4. Enter the exact Salt (hex) and IV (hex) provided by the sender.
  5. Click Decrypt.

Tips & FAQs

  • Which algorithm? AES-GCM includes authentication (detects tampering) and is recommended.
  • What is Salt? Random data for key stretching. It does not need to be secret, but it must be the same for decrypting if not bundled.
  • What is IV? A random per-encryption value. It does not need to be secret, but must be correct for decryption if not bundled.
  • Why different results each time? New random Salt/IV are used, so ciphertext changes even for the same text and password.
  • Base64 vs Hex? Base64 is shorter; Hex is more readable. Both are fine as long as encrypt and decrypt match.
  • PBKDF2 Iterations: Higher = more secure but slower. Defaults aim for a good balance.
  • Security note: Use a strong password. Anyone with the password can decrypt the message.