Encrypt or decrypt text with a passphrase using AES-GCM. Runs entirely in your browser.
Encrypt or decrypt text with a passphrase using AES-GCM 256-bit encryption. The passphrase is stretched into a cryptographic key with PBKDF2 (SHA-256, 200,000 iterations) and combined with a fresh random salt and IV for every encryption. All processing happens in your browser with the native WebCrypto API — nothing is uploaded.
Pick a mode
Switch between Encrypt and Decrypt at the top. Encrypt turns plaintext into base64 ciphertext; Decrypt reverses it.
Enter your text and passphrase
Paste the plaintext (to encrypt) or base64 ciphertext (to decrypt) into the left pane, then type a strong passphrase.
Run the operation
Click Encrypt or Decrypt. The result appears in the right pane ready to copy. Wrong passphrases surface as a clear error.
No. Encryption and decryption happen locally using the browser's built-in WebCrypto API. Your passphrase and plaintext never leave your device.
AES-GCM with a 256-bit key. The key is derived from your passphrase with PBKDF2-SHA256 and 200,000 iterations, combined with a fresh 16-byte random salt and 12-byte IV for every encryption.
A single base64 string that packs a version byte, the 16-byte salt, the 12-byte IV, and the AES-GCM ciphertext (including the 16-byte auth tag). That's everything needed to decrypt given the right passphrase.
No. AES-GCM is authenticated encryption — without the correct passphrase the data cannot be recovered. Store your passphrase in a secure password manager.
Only if they use the same format (version byte + salt + IV + AES-GCM ciphertext). Use this tool for both encryption and decryption to guarantee compatibility.