DevToolbox

Text Encrypt / Decrypt

Encrypt and decrypt text with AES-256-GCM using a password. All processing happens in your browser.

About This Tool

The Text Encrypt / Decrypt tool provides AES-256-GCM encryption directly in your browser. Enter your plaintext and a password, and the tool produces a portable Base64-encoded ciphertext that can be safely shared or stored. Decryption requires the same password — no keys to manage.

Under the hood, the password is run through PBKDF2 (100,000 iterations of SHA-256) with a random salt to derive a 256-bit AES key. A random 12-byte IV (initialization vector) ensures that encrypting the same plaintext with the same password produces different ciphertext each time. The GCM mode provides authenticated encryption, meaning any tampering with the ciphertext is detected automatically.

All cryptographic operations use the browser's native Web Crypto API, which is hardware-accelerated and considered production-grade. Your plaintext, password, and encrypted output never leave your device. For hashing (one-way) rather than encryption (reversible), see the <Link href={getLocalePath(locale, "/tools/hash-generator")} className="text-primary underline underline-offset-2"

Hash Generator . Need a strong password to use with this tool? Generate one with the <Link href={getLocalePath(locale, "/tools/password-generator")} className="text-primary underline underline-offset-2"

Password Generator .

The tool also supports file encryption via drag-and-drop. Encrypted files are downloaded with a .enc extension and can be decrypted by dropping them back in. The encryption parameters (salt, IV, algorithm, iterations) are displayed for transparency. For encoding binary data as text, check out the <Link href={getLocalePath(locale, "/tools/base64")} className="text-primary underline underline-offset-2"

Base64 Encoder .

How to Use

  1. Select Encrypt or Decrypt mode using the tabs at the top.
  2. In Encrypt mode, type or paste the text you want to encrypt.
  3. Enter a password. The strength meter shows the estimated security of your password.
  4. Click Encrypt or press Ctrl+Enter. The Base64-encoded ciphertext appears below.
  5. To decrypt, switch to Decrypt mode, paste the ciphertext, enter the same password, and click Decrypt.
  6. Use the file area to drag and drop files for encryption or decryption.
  7. Press Ctrl+Shift+C to copy the output to your clipboard.

FAQ

Is my data safe?

Yes. All encryption and decryption runs in your browser using the Web Crypto API. Your plaintext, passwords, and ciphertext are never sent to any server. You can verify this in your browser's Network tab.

What encryption algorithm is used?

AES-256-GCM (Advanced Encryption Standard with 256-bit key in Galois/Counter Mode). This is an authenticated encryption algorithm that provides both confidentiality and integrity protection.

How is the encryption key derived from my password?

The password is processed through PBKDF2 (Password-Based Key Derivation Function 2) with SHA-256, using 100,000 iterations and a random 16-byte salt. This produces a 256-bit AES key that is resistant to brute-force attacks.

What is the output format?

The encrypted output is a Base64 string in the format salt:iv:ciphertext, where each component is Base64-encoded. The salt is 16 bytes, the IV (initialization vector) is 12 bytes, and the ciphertext includes the GCM authentication tag.

Can I decrypt data encrypted by other tools?

Only if they use the same format (AES-256-GCM with PBKDF2-SHA256 key derivation and the salt:iv:ciphertext Base64 encoding). The tool uses a specific format, so data encrypted with different tools or parameters may not be compatible.

What happens if I enter the wrong password for decryption?

AES-GCM includes an authentication tag that verifies the integrity of the data. If the wrong password is used, the derived key will be different and decryption will fail with a clear error message — no corrupted output is produced.

Does this tool support file encryption?

Yes. You can drag and drop a file onto the file upload area to encrypt or decrypt it. The encrypted file is downloaded as a .enc file, and decrypted files retain their original name.

Related Tools

Hash Generator

Generate MD5, SHA-1, SHA-256, and SHA-512 hashes for text and files.

Password Generator

Generate secure passwords and passphrases with entropy-based strength analysis.

JWT Decoder

Decode JSON Web Tokens to inspect header, payload, and verify signatures.

Base64 Encode/Decode

Encode and decode Base64 strings and files with drag-and-drop support.

Encryption Playground

Experiment with AES-GCM, AES-CBC, and RSA-OAEP encryption. Step-by-step visualization of the encryption process.