Text Encryption
Secure text encryption and decryption using AES-GCM
Text to Encrypt
Use a strong, unique key. Keep it safe - you'll need it to decrypt!
Encrypt and decrypt text messages using password-based AES-256 encryption entirely in your browser. Text Encryption is designed for sharing sensitive information — passwords, API keys, private notes — through untrusted channels like email, Slack, or public repositories, where end-to-end confidentiality is required.
Password-Based AES-256 Text Encryption for Secure Sharing
When you need to share sensitive text — database credentials, private keys, confidential instructions, or personal information — through channels you do not fully control, encrypting the message before transmission ensures that only the intended recipient with the correct password can read it. This is the fundamental use case for password-based text encryption.
This tool encrypts plaintext strings using AES-256 with password-based key derivation (PBKDF2 or scrypt), producing a portable encrypted string that can be safely pasted into any medium. Recipients decrypt it using the same password in the same tool. The encrypted output is pure ASCII (base64-encoded), making it safe to transmit through any text channel without encoding issues.
All encryption and decryption happen exclusively in your browser using the Web Crypto API. Plaintext, passwords, and ciphertext are never transmitted to any server. You can even use this tool offline after loading the page, ensuring complete isolation from network surveillance.
Sharing Secrets Safely Through Untrusted Channels
Slack messages, emails, and GitHub comments are stored on third-party servers and may be accessible to administrators, subject to legal discovery, or exposed in data breaches. Sending an encrypted ciphertext through these channels and the decryption password through a separate channel (SMS, phone call, or in-person) provides two-factor secrecy: an attacker would need both the ciphertext and the password. This is a practical implementation of the split-knowledge principle for low-friction secure communication.
Sharing Credentials Through Insecure Channels
Encrypt database passwords, API keys, or SSH credentials before sending them via email or chat, then share the decryption password through a separate communication channel.
Storing Sensitive Notes in Version Control
Encrypt private configuration notes, personal access tokens, or environment variable values before committing them to a repository where they could be exposed.
Protecting Confidential Text in Public Storage
Encrypt sensitive text before storing it in public or shared cloud storage like Google Drive, Dropbox, or Notion, where access control may be insufficient.
- 1
Enter a Strong Password
Choose a password that is long and random. The password is the only protection for the encrypted message — a weak password can be brute-forced. For automated use cases, generate a random token using the Token Generator tool and use it as the encryption password.
- 2
Type or Paste Your Text
Enter the sensitive text you want to protect. The tool accepts any UTF-8 text including multi-line content, special characters, and emoji. Maximum input size depends on your browser but typically supports several megabytes of text.
- 3
Share the Ciphertext and Password Separately
Copy the encrypted output and send it through your regular channel (email, Slack, etc.). Send the password through an entirely separate channel — phone, SMS, or in-person. Both pieces are required for decryption, so intercepting only the ciphertext is useless.
AES-256 Password-Based Encryption
Encrypts text using AES-256 with PBKDF2 key derivation, providing strong encryption from a human-readable password with brute-force resistance via high iteration counts.
Portable ASCII Ciphertext Output
Encrypted output is base64-encoded ASCII, safe to paste into any text field, email body, or document without encoding issues or character corruption.
Offline-Capable Browser Tool
After initial page load, text encryption and decryption work completely offline. No network requests are made during cryptographic operations — ideal for air-gapped or restricted environments.
Found this tool useful?
Share your experience and help others discover it.