DevToolbox

Encryption Playground

Experiment with AES and RSA encryption and decryption entirely in your browser. Generate keys, encrypt text, and see every step of the process.

About This Tool

The Encryption Playground lets you experiment with symmetric and asymmetric encryption algorithms directly in your browser using the Web Crypto API. It supports AES-GCM (authenticated encryption, recommended for most use cases), AES-CBC (classic block cipher mode), and RSA-OAEP (asymmetric encryption for key exchange and small payloads).

On the AES tab you can generate random 128-bit or 256-bit keys, encrypt plaintext, and see the resulting ciphertext encoded as Base64. The initialization vector (IV) is automatically generated for each encryption operation and prepended to the ciphertext, so you can decrypt by simply pasting the combined output back along with the same key. AES-GCM is recommended because it provides both confidentiality and integrity — if the ciphertext is tampered with, decryption will fail rather than silently producing garbage.

On the RSA tab you can generate 2048-bit or 4096-bit RSA-OAEP key pairs, encrypt small messages with the public key, and decrypt them with the private key. RSA is not designed for encrypting large amounts of data; instead it is typically used to encrypt a symmetric key which then encrypts the actual payload. The tool shows the PEM-formatted public and private keys so you can study their structure.

Every operation displays a step-by-step log that explains what is happening under the hood — key generation, IV creation, encryption, encoding — making this a useful educational tool for developers learning about cryptography. If you need to hash data rather than encrypt it, try the Hash Generator. For simple text obfuscation you can use the Text Encrypt / Decrypt tool, and for encoding binary data as text the Base64 encoder is the standard choice.

All cryptographic operations run entirely client-side. No keys, plaintext, or ciphertext are ever transmitted to any server.

How to Use

  1. Select the AES or RSA tab depending on which algorithm you want to experiment with.
  2. For AES: choose a mode (AES-GCM recommended) and key size (128 or 256 bit), then click Generate Key to create a random key.
  3. Enter your plaintext in the text area and click Encrypt. The ciphertext (Base64, with IV prepended) and the IV appear below.
  4. To decrypt, paste the ciphertext and key into the Decrypt section and click Decrypt. The original plaintext is recovered.
  5. For RSA: select a key size (2048 or 4096 bit) and click Generate Key Pair. The public and private keys are displayed in PEM format.
  6. Enter plaintext (limited by key size) and click Encrypt to encrypt with the public key. Paste the ciphertext into the Decrypt section and click Decrypt to recover the message with the private key.
  7. Watch the Operation Log at the bottom to see each step of the cryptographic process as it happens.

FAQ

Is my data safe?

Yes. All encryption and decryption operations run entirely in your browser using the Web Crypto API. No keys, plaintext, or ciphertext are ever sent to any server. You can verify this by inspecting network activity in your browser's developer tools.

What is the difference between AES-GCM and AES-CBC?

AES-GCM (Galois/Counter Mode) is an authenticated encryption mode that provides both confidentiality and integrity. If the ciphertext is modified, decryption will fail with an error. AES-CBC (Cipher Block Chaining) provides only confidentiality — it will not detect tampering. For most applications, AES-GCM is the recommended choice.

Why is my RSA plaintext limited in size?

RSA-OAEP with SHA-256 can only encrypt data shorter than (key size in bytes) minus 66 bytes of padding overhead. For a 2048-bit key that is about 190 bytes, and for 4096-bit about 446 bytes. RSA is designed for encrypting small values like symmetric keys, not large messages. For large data, use AES.

Can I use these keys in my own application?

Yes. The AES keys are exported in raw hex format, and the RSA keys are exported in standard PEM format (SPKI for public keys, PKCS8 for private keys). You can import them into any crypto library that supports these standard formats.

What happens to the initialization vector (IV)?

For AES encryption, a random IV is generated for each operation (12 bytes for GCM, 16 bytes for CBC). The IV is prepended to the ciphertext before Base64 encoding, so the combined output contains everything needed for decryption. Never reuse an IV with the same key.

Is AES-256 significantly stronger than AES-128?

Both AES-128 and AES-256 are considered secure against brute-force attacks with current technology. AES-256 provides a larger security margin and is required by some compliance standards (e.g., certain government classifications). For most applications, AES-128 is perfectly adequate, while AES-256 offers extra peace of mind.

Related Tools

Text Encrypt / Decrypt

Encrypt and decrypt text with AES-256-GCM using a password. All processing in your browser.

RSA Key Pair Generator

Generate RSA key pairs (2048/3072/4096-bit) in PEM format using the Web Crypto API. Entirely in-browser.

Hash Generator

Generate MD5, SHA-1, SHA-256, and SHA-512 hashes for text and files.

HMAC Generator

Generate HMAC signatures using MD5, SHA-1, SHA-256, SHA-384, and SHA-512 with hex or Base64 output.

Base64 Encode/Decode

Encode and decode Base64 strings and files with drag-and-drop support.