What encryption algorithm does this tool use?

The tool uses AES-256-GCM (Advanced Encryption Standard with 256-bit key in Galois/Counter Mode). The key is derived from your password using PBKDF2 with SHA-256 and 100,000 iterations. A random 16-byte salt and 12-byte IV are generated for each encryption operation. GCM mode provides both confidentiality and authentication, meaning tampering with the ciphertext is detectable.

Is my data safe? Does anything get sent to a server?

Nothing is sent to any server. All cryptographic operations use the browser's built-in Web Crypto API (window.crypto.subtle), which runs entirely locally. This is verifiable: open browser DevTools, go to Network tab, and you'll see zero requests made when encrypting or decrypting. Your text and password never leave your device.

What happens if I lose my password?

There is no recovery mechanism. AES-256 is designed so that without the correct password, decryption is computationally infeasible — not just difficult, but practically impossible with current computing power. If you lose your password, the encrypted text is permanently unrecoverable. Always store your password in a secure location (like a password manager).

Can I decrypt text that was encrypted by someone else?

Yes, as long as they share the encrypted output and the password with you. The encrypted text is a self-contained base64 string that includes the salt and IV needed for decryption. The only shared secret is the password — paste the encrypted text and enter the same password to decrypt.

What are good use cases for browser-side encryption?

Good use cases include: encrypting sensitive notes before storing in a cloud service, encrypting a message before sending via an insecure channel, creating a simple encrypted backup of credentials or private text, and sharing sensitive information where you can securely communicate the password separately. It's not suitable for key management, bulk file encryption, or enterprise security systems.

Text Encrypt / Decrypt

Encrypt and decrypt text using AES-256-GCM directly in your browser. No data is ever sent to a server.

All operations run in your browser. Nothing is ever sent to a server.

AES-256-GCM • PBKDF2-SHA256 (100k iterations) • Web Crypto API

Plain Text

Password

Encrypted Output

How to Use

Encrypt and decrypt text using AES-256-GCM directly in your browser. No data is ever sent to a server.

1To encrypt text: make sure you're on the 'Encrypt' tab, type or paste the text you want to protect in the 'Plain Text' field.
2Enter a strong password in the Password field — this is the only key to decrypt the text later. Use a mix of letters, numbers, and symbols. Click the eye icon to toggle visibility.
3Click the 'Encrypt' button. After a brief moment (the browser derives the key using 100,000 PBKDF2 iterations), the encrypted output appears as a long base64 string.
4Copy the encrypted output using the 'Copy' button and store or share it. The encrypted string includes the salt and IV — it's self-contained.
5To decrypt: switch to the 'Decrypt' tab, paste the encrypted base64 string, enter the same password, and click 'Decrypt'. The original text appears instantly.

Key Features

AES-256-GCM encryption — one of the strongest symmetric encryption algorithms available, with built-in authentication
PBKDF2-SHA256 key derivation — 100,000 iterations add significant resistance to brute-force password attacks
100% client-side — uses the browser's native Web Crypto API; no data ever leaves your device
Self-contained encrypted output — the base64 string embeds the random salt and IV, so no metadata needs to be stored separately
Show/hide password toggle and clear error messages for wrong passwords or corrupted input

Frequently Asked Questions

Learn More

Text Encryption in the Browser — AES-256 Without Installing Anything