Text Encryption & Decryption

Encrypt text using AES-256-GCM — authenticated encryption with a 256-bit key derived from your password using PBKDF2. The output includes a random salt and IV, making every encryption unique even with the same password.

Input Text

Password / Passphrase

Output Format

PBKDF2 Iterations

iters

Output will appear here after encryption or decryption…

Algorithm Details

AES-256

Cipher

GCM

Mode

PBKDF2

Key Derivation

SHA-256

KDF Hash

128-bit

Auth Tag

96-bit

IV / Nonce

128-bit

Salt

Remember your password! AES-256-GCM is computationally infeasible to break without the correct password. If you lose your password, the encrypted data cannot be recovered.

What is AES-256-GCM?

AES (Advanced Encryption Standard) with a 256-bit key in GCM (Galois/Counter Mode) is the most widely used symmetric encryption algorithm in the world. It is used in TLS/HTTPS, file encryption, VPNs, and secure messaging apps. GCM mode provides both confidentiality (data is unreadable without the key) and authenticity (tampering is detected via an authentication tag). This tool uses the browser's native Web Crypto API with PBKDF2 key derivation — your data never leaves your device.

Classical vs Modern Ciphers

Caesar cipher: Simple substitution cipher — shift all letters by a fixed amount. Easily broken with frequency analysis or brute force (only 25 possible keys).
Vigenère cipher: Polyalphabetic substitution using a keyword. Much stronger than Caesar but broken by the Kasiski test in the 19th century.
XOR cipher: Fast bitwise encryption. A one-time pad (random key as long as the message) is theoretically unbreakable; with a short repeated key, it is easily broken.
ROT13: A special case of Caesar with shift 13 — used online to hide spoilers and punchlines, not for real security.
AES-256-GCM: Military-grade modern encryption. Computationally infeasible to break with current or foreseeable technology when used with a strong password.

How This Tool Protects Your Data

For AES-256-GCM, this tool generates a random 128-bit salt and random 96-bit IV (nonce) for every encryption operation. Your password is never used directly as a key — instead, it is stretched using PBKDF2 with SHA-256 and up to 500,000 iterations to produce a 256-bit key, making brute-force password attacks extremely expensive. The salt and IV are prepended to the ciphertext so decryption is self-contained. Everything runs in the browser via the Web Crypto API — no data is transmitted anywhere.