Note: This tool is completely client-based. All encryption and decryption happens on your device. Your password and your data are never sent to any server.
What's This For?
This tool lets you encrypt text in your browser with a password. The result is regular text that you can easily copy and paste. The encryption happens entirely on your device, and you keep complete control over what you share. You can then safely send the encrypted text through apps or channels you don’t fully trust (for example WhatsApp or Telegram).
The tool also tolerates extra spaces or newlines, so copy/paste mistakes won’t break decryption. You’ll still need to share the password separately through a secure channel (e.g. in person or by phone). Use a strong password.
How This Tool Works
This tool uses a transparent, multi-step process with modern, open-standard cryptography to protect your data. All operations happen entirely within your browser; your password and data never leave your device (I encourage you to check the js code and verify yourself).
Key Derivation: Your password is never used directly as the encryption key. Instead, it's combined with a unique, randomly generated Salt and fed into an industry-standard algorithm called PBKDF2. This function is intentionally slow, running thousands of iterations to "stretch" your password into a very strong 256-bit encryption key. This process makes brute-force (guessing) attacks extremely difficult and time-consuming.
Encryption: Once the strong key is derived, your text is encrypted using AES-256-GCM.
AES-256 is the Advanced Encryption Standard, a specification trusted by governments, banks, and security experts worldwide. The "256" refers to the key size, offering an astronomical number of possible keys.
GCM (Galois/Counter Mode) is a highly secure mode for AES that not only encrypts your data but also creates a digital fingerprint (an authentication tag). This ensures that the encrypted data cannot be secretly modified without being detected during decryption.
Final Output: The encrypted text you see is actually a bundle containing the Salt, the Initialization Vector (IV, a random number needed for decryption), the authentication tag, and the encrypted ciphertext itself. All these components are required to correctly decrypt the message.
How Secure Is It? 🛡️
The cryptographic standards used (AES-256 and PBKDF2) are considered unbreakable by today's computers. The security of your encrypted data, therefore, depends almost entirely on the strength of your password.
For example, if you use a strong, 12-character password with a mix of letters, numbers, and symbols, it would take a supercomputer trillions of years to brute-force it. The encryption itself will not be the weak point.
Are You an Android or Tech Geek?
If you're an Android enthusiast who likes to learn more about Android internals, I highly recommend checking out the Bugjaeger app. It allows you to control your Android devices, like e.g. TV or phone, from your iPhone or Android phone. You'll be able to mirror screen, check logs, run scripts and various ADB commands directly from your phone or iPhone.
Have Feedback or a Feature Request?
If something isn't working as expected, or you have an idea for another feature, please send me an email at
