Encryption & Decryption Tool
Encrypt and decrypt text with AES-128, AES-256 (CBC/GCM) and RSA (2048/4096). 100% client-side using the Web Crypto API.
100% Client-Side — Your data never leaves your browser. All encryption and decryption happens locally using the Web Crypto API. We cannot see your passwords, keys, or data.
Key is derived from your password using PBKDF2-SHA256
What is Encryption?
Encryption transforms readable data (plaintext) into an unreadable format (ciphertext) using a secret key. Only someone with the correct key can reverse the process and recover the original data. This is fundamentally different from encoding (like Base64, which is reversible without a key) and hashing (like SHA-256, which is one-way and cannot be reversed).
AES Encryption Explained
AES (Advanced Encryption Standard) is a symmetric encryption algorithm — the same key encrypts and decrypts the data. AES-128 uses a 128-bit key (16 bytes) while AES-256 uses a 256-bit key (32 bytes). Both are considered secure, but AES-256 provides a larger security margin. AES operates in different modes: CBC (Cipher Block Chaining) is the traditional mode that requires padding, while GCM (Galois/Counter Mode) is the modern preferred mode because it provides both encryption and authentication — it detects if the ciphertext has been tampered with. When using a password instead of a raw key, PBKDF2 (Password-Based Key Derivation Function 2) stretches your password into a cryptographic key using many iterations of SHA-256, making brute-force attacks much slower.
RSA Encryption Explained
RSA is an asymmetric encryption algorithm that uses a pair of keys: a public key (shared openly) for encryption and a private key (kept secret) for decryption. RSA-2048 and RSA-4096 refer to the key size in bits — larger keys are more secure but slower. RSA is typically used for encrypting small amounts of data like symmetric keys, not for bulk encryption. In practice, a hybrid approach is common: encrypt the data with AES, then encrypt the AES key with RSA.
Encryption vs Encoding vs Hashing
Base64 encoding is not encryption — it is a reversible format conversion that provides no security. Anyone can decode Base64 without a key. SHA-256 hashing is one-way — you cannot recover the original data from a hash. Encryption (AES, RSA) is reversible but requires the correct key, providing true confidentiality.
Frequently Asked Questions
AES-128 uses a 128-bit (16-byte) key while AES-256 uses a 256-bit (32-byte) key. Both are secure, but AES-256 provides a larger security margin against brute-force attacks. AES-256 is recommended for sensitive data.
CBC (Cipher Block Chaining) provides confidentiality only. GCM (Galois/Counter Mode) provides both confidentiality and authentication — it can detect if the encrypted data has been modified. GCM is the recommended modern mode.
Yes. All operations use the Web Crypto API built into your browser, which implements industry-standard cryptographic algorithms. No data is sent to any server. However, the security of your encrypted data depends on the strength of your password or key.
Base64 is an encoding format that converts binary data to text — it provides no security and anyone can decode it. Encryption (AES, RSA) transforms data using a secret key so only authorized parties can read it.