Encrypt any text with a password using AES-256-GCM and PBKDF2 key derivation. Everything runs in your browser — your password and data never leave the device.

Mode

PBKDF2 iterations

Plaintext

Password

Ciphertext (Base64) Copied!

Output will appear here.

How It Works

Choose Encrypt mode, type your message and a password, and click Encrypt to get an authenticated ciphertext as Base64. The tool uses the browser's Web Crypto API with AES-256 in GCM mode (Galois/Counter Mode), which provides both confidentiality and integrity — any tampering with the ciphertext is detected automatically on decryption. Your password is stretched into a 256-bit key using PBKDF2-HMAC-SHA256 with a fresh random 16-byte salt and 600,000 iterations by default (matching OWASP's 2023 recommendation), making brute-force attacks prohibitively expensive. A fresh random 12-byte IV is generated for every encryption so the same plaintext never produces the same ciphertext twice. The output blob packs a version byte, the iteration count, the salt, the IV, and the ciphertext with GCM authentication tag — everything needed to decrypt, without ever exposing your password. To decrypt, switch mode, paste the Base64 ciphertext, enter the same password, and click Decrypt. If the password is wrong or the ciphertext has been tampered with, AES-GCM will refuse and you will see a single generic error. Nothing is ever uploaded: all encryption, key derivation, and decryption happen entirely in your browser.

Use Cases

Sharing a sensitive note over an untrusted chat or email by sending only the ciphertext and agreeing on a password out-of-band

Storing personal data like recovery codes or private notes in a cloud file without trusting the provider

Encrypting a small piece of text before pasting it into a shared document or ticket

Teaching how authenticated encryption, password-based key derivation, and salts work with a real working example

Creating self-contained ciphertext blobs for CTF challenges or security training exercises