Text Encrypter & Decrypter (AES-256)

Encrypt and decrypt text with a password using AES-256 (Web Crypto). Share secrets safely — it runs in your browser and your key never leaves.

Runs in your browser — nothing uploaded

Uses AES-256-GCM with a key derived from your password via PBKDF2 (SHA-256, 600,000 iterations). Encryption and decryption happen entirely in your browser — the text and password never leave your device. There is no password recovery: if you lose the password, the text cannot be decrypted.

Encrypt a message with a password so only someone with that password can read it. This tool uses AES-256 in your browser — the text and key never leave your device — and produces a compact block you can paste into any chat or email. Switch to Decrypt to read one you received.

Private by design — your data never leaves your device

How to use it

No account, no upload — it all happens on your device.

1
Keep Encrypt selected, type your message, and enter a password.
2
Click Encrypt and copy the Base64 output to share.
3
To read a message, switch to Decrypt, paste the block, and enter the password.
4
Share the password through a separate channel from the ciphertext.

How it works

Standard, well-understood cryptography.

  • AES-256-GCM. A modern authenticated cipher — it both hides the message and detects any tampering, so a modified ciphertext fails to decrypt rather than returning garbage.
  • PBKDF2 key derivation. Your password is stretched with 600,000 SHA-256 iterations and a random salt, which slows down brute-force guessing dramatically.
  • Fresh randomness each time. A new salt and IV are generated per message, so encrypting the same text twice yields different output.

Using it safely

  • Pick a strong password. The encryption is only as strong as the password — a short or common one can be guessed. Test one with the Password Strength Checker.
  • Share the password separately. Never send the password in the same message as the ciphertext.
  • There is no backdoor. Lost passwords mean lost messages — keep the password safe.

Frequently asked

How secure is this?
It uses AES-256-GCM, the same authenticated cipher trusted for government and banking data. The key is derived from your password with PBKDF2 (SHA-256, 600,000 iterations) and a random salt, and every message gets a fresh random salt and IV. Strength ultimately depends on your password — use a long, unique one.
What do I send to the other person?
Send them the encrypted text (the Base64 block) and share the password through a separate channel — say the password in person or by phone, not in the same email as the ciphertext. They paste the block here, switch to Decrypt, enter the password, and read the message.
Is anything uploaded or recoverable?
No. Encryption and decryption run entirely in your browser via the Web Crypto API; the text and password never leave your device. There is also no recovery — if the password is lost, the message cannot be decrypted by anyone, including us.

Related tools

JSON Formatter & BeautifierFormat, beautify, and validate JSON instantly in your browser. Your data never leaves your device.JWT Decoder & VerifierDecode and verify JSON Web Tokens (JWT) in your browser. HS256, RS256, ES256 supported. Tokens and keys never leave your device.Base64 Encoder & DecoderEncode text to Base64 or decode Base64 back to text instantly in your browser. Unicode-safe. Nothing is uploaded.