Encrypt and decrypt text with AES-256-GCM using a password-derived key (PBKDF2) — runs locally, your text and password never leave the browser
This tool encrypts and decrypts text with AES-256-GCM right in your browser. You only supply a password: the tool stretches it into a 256-bit AES key using PBKDF2 (SHA-256, 200,000 iterations) together with a fresh 16-byte random salt generated for every encryption. A random 12-byte IV is then used so AES-GCM provides both confidentiality and an authentication tag that detects tampering. The output is a single base64 string that concatenates the salt, the IV and the ciphertext (including the GCM tag); decryption reads those parameters back automatically.
Everything runs client-side through the browser's native WebCrypto (crypto.subtle) — your plaintext, ciphertext and password are processed locally and never uploaded, which you can confirm in the browser's Network panel. Because each encryption uses a new random salt and IV, encrypting the same plaintext with the same password twice yields different ciphertext — that is the expected, secure behavior.
No. All encryption and decryption happen locally via the browser's native WebCrypto. Your plaintext, ciphertext and password never leave your device, and no network request is made.
AES-256-GCM for encryption and authentication; the key is derived with PBKDF2 (SHA-256, 200,000 iterations) from your password plus a random 16-byte salt; each encryption uses a random 12-byte IV. The output is base64( salt || iv || ciphertext+tag ).
A new random salt and IV are generated every time, so identical plaintext yields different ciphertext, a standard defense against replay and pattern analysis. Any ciphertext still decrypts back to the original as long as the password is correct.
Usually a mistyped password, or ciphertext that was altered or copied incompletely. AES-GCM verifies the authentication tag, so any byte mismatch makes it reject decryption with an error rather than return wrong plaintext.