loot.tools

AES Text Encryption

Encrypt any text behind a password with AES-256-GCM, then decrypt it later with the same password. The key is derived from your password with PBKDF2, and every byte stays in your browser - nothing is sent to a server. Use it to send a secret over a channel you don't fully trust.

Lock text behind a password with AES-256-GCM. The key is stretched from your password with PBKDF2, and everything happens in your browser - nothing is uploaded. Share the result and the password separately, and only someone with the password can read it.


How the encryption works

Your text is encrypted with AES-256 in GCM mode, the same algorithm that protects HTTPS traffic. GCM also produces an authentication tag, so decryption fails loudly if the message has been altered or the password is wrong, instead of returning garbage. The key comes from running your password through PBKDF2-SHA-256 with 200,000 iterations and a random salt, which makes guessing a weak password slow. The random salt and IV are bundled into the output, so the password is the only thing you need to share to decrypt later.

How to use it

Pick Encrypt, type a password, paste your text, and hit Encrypt. Copy the Base64 result and send it along. To read it back, switch to Decrypt, enter the same password, paste the encrypted message, and hit Decrypt. Send the password through a different channel than the message - texting the password while emailing the ciphertext is a lot safer than putting both in one place.

Good to know

The strength comes entirely from the password. A short or common password can still be cracked offline no matter how good the cipher is, so use a long, random one. There's no recovery - lose the password and the text is gone for good. And because the salt and IV are random, encrypting the same text twice gives you two different outputs, which is exactly what you want.