Encryption / Decryption Tool

Encrypt and decrypt text using AES-256-GCM — a military-grade encryption algorithm. Everything happens in your browser. No data is ever sent to a server.

Algorithm: AES-256-GCM with PBKDF2 key derivation (100,000 iterations, SHA-256) · Output: Base64-encoded ciphertext with embedded IV and salt · Standard: NIST-approved, used by governments and financial institutions worldwide

Plaintext (text to encrypt)

Password / Secret Key

Enter a password

Encrypted Output

About the Encryption / Decryption Tool

Uses AES-256-GCM, the gold standard for symmetric encryption, via the browser's native Web Crypto API. Your password is never used directly as a key — it's processed through PBKDF2 (100,000 iterations) with a random salt to derive a secure 256-bit key. The output includes the salt, IV, and ciphertext, all encoded as Base64.

How to Use

Encrypt: Enter your plaintext, set a strong password, and click Encrypt. Copy the output and share it (only someone with the same password can decrypt it).
Decrypt: Switch to Decrypt mode, paste the encrypted output, enter the same password, and click Decrypt.

How It Works

The tool uses the Web Crypto API's AES-GCM algorithm. Your password is hashed with PBKDF2 to derive a 256-bit encryption key. A random IV (initialization vector) is generated for each encryption. The IV is prepended to the ciphertext so decryption can use the same IV.

Example

Encrypt a sensitive note before saving it in a shared document: encrypt with your password, paste the ciphertext into the shared doc. Only someone with the password can decrypt it back to readable text.

Frequently Asked Questions

AES-256-GCM is a symmetric encryption algorithm using a 256-bit key. GCM (Galois/Counter Mode) provides both encryption and authentication, meaning it detects if the ciphertext has been tampered with. It is used by banks, governments, and browsers worldwide.

PBKDF2 (Password-Based Key Derivation Function 2) converts your password into a cryptographic key. Using 100,000 iterations makes brute-force attacks extremely slow. Even a modern GPU that can try billions of simple hash attempts per second is reduced to thousands of PBKDF2 attempts per second.

Yes — the encrypted output is safe to share in public channels (email, Slack, etc.), as long as your password remains secret. Without the password, the ciphertext is computationally infeasible to decrypt.

There is no recovery mechanism. If you lose the password, the encrypted data is unrecoverable. This is by design — it means even we cannot access your data. Always store passwords in a password manager.