Encrypt & decrypt text with a password — AES-256-GCM + PBKDF2 via WebCrypto — 100% in your browser, nothing uploaded
- Runs locally
- Category Encoding & Crypto
- Best for Checking small payloads, tokens, hashes, and encoded values quickly.
What this tool does
Encrypt any text with a password and get a single Base64 string you can safely paste into an email, a chat, a Git commit, or a sticky note — then decrypt it back with the same password. Built entirely on the browser's native WebCrypto API: a random 16-byte salt feeds PBKDF2 (SHA-256, 250,000 iterations) to stretch your password into a 256-bit key, and AES-256-GCM encrypts the message with a fresh random 12-byte IV every time. Salt, IV, and ciphertext are packed into one self-describing payload, so the person decrypting only needs the string and the password — no separate key files to ship around. GCM is authenticated encryption, which means decryption fails loudly if the password is wrong or a single byte was altered, instead of silently handing back garbage. There is no server, no upload, no logging, and no account: your plaintext, your password, and your ciphertext never leave this tab. We deliberately do not save anything to localStorage and never put your data in the URL — the only thing shareable is the empty tool page itself. Use it to send a one-off secret without standing up PGP, to stash an API key in a notes app you do not fully trust, or to add a verifiable integrity check to text you are about to transmit.
Tool details
- Input
- Text
- The page exposes text boxes, numeric controls, file pickers, or structured inputs depending on the tool.
- Output
- Live result + Copy
- The result area focuses on usable output, with copy, download, or preview actions when supported.
- Privacy
- Browser-side processing
- The main tool logic does not call an external API, so inputs normally stay in the current tab.
- Save / share
- Shareable URL state
- Key settings are encoded in the URL so another person can reopen the same setup.
- Performance budget
- Initial JS <= 14 KB
- No WASM budget is declared, keeping the tool quick to open on mobile.
- Best fit
- Encoding & Crypto · Developer
- Category and role tags drive related tools, internal links, and quick fit checks.
How to use
-
1. Input
Paste or drop your content into the tool panel.
-
2. Process
Click the button. All processing is local in your browser.
-
3. Copy / Download
Copy the result or download to disk in one click.
How AES Text Encryptor fits into your work
Use it for quick browser-side encoding, decoding, hashing, token checks, and share-safe transformations.
Encoding jobs
- Checking small payloads, tokens, hashes, and encoded values quickly.
- Preparing values for APIs, URLs, docs, or support tickets.
- Avoiding account-based tools when the input might be sensitive.
Encoding checks
- Do not paste live secrets unless you are comfortable with local browser handling.
- Confirm whether the operation is reversible before sharing the result.
- For hashes, compare the exact algorithm and casing expected by the receiver.
Good next steps
These links move the current task into a more complete workflow.
- 1 Bcrypt Generator bcrypt password hash generator + verifier — pick rounds, hash and compare in browser. Open
- 2 Password Generator Generate strong, cryptographically random passwords and passphrases — entirely in your browser. Open
- 3 MD5 / SHA Hash Generator Compute MD5 / SHA-1 / SHA-256 / SHA-384 / SHA-512 hashes, all five at once, browser-only Open
Real-world use cases
Send a one-off secret without setting up PGP
You need to send a colleague a database connection string or a recovery code, but standing up PGP keys for a single message is overkill. Workflow: paste the secret, type a passphrase you can tell them out-of-band (over a phone call, not the same email), hit Encrypt, copy the Base64 blob into the email. They paste it here, type the same passphrase, hit Decrypt. The secret never travels in cleartext through your mail provider's servers, and there is no key infrastructure to manage afterward.
Stash an API key in a notes app you do not fully trust
You keep working notes in a cloud notes app that syncs everywhere, and you want a Stripe or OpenAI key handy without it sitting in plaintext on someone else's server. Encrypt the key with a strong passphrase, paste only the ciphertext into the note. When you need the key, open this tool, paste the blob, decrypt. Even if the notes provider is breached, the attacker gets an AES-256 blob, not your key.
Add a tamper-evident integrity check to transmitted text
You are pasting a config snippet into a ticket and want the recipient to know it arrived unmodified. Because AES-GCM is authenticated, encrypting the snippet means any later edit — even a single character — makes decryption fail outright rather than silently producing a wrong-but-plausible result. The recipient decrypting successfully is proof the bytes are exactly what you sent.
Teach or demo authenticated encryption hands-on
Explaining why "encryption without authentication is dangerous" lands better with a live demo. Encrypt a message, copy the Base64, then flip one character of the ciphertext and try to decrypt — it fails with an auth error instead of returning corrupted text. Then show that Base64 alone hides nothing by decoding it elsewhere. Two minutes of pasting beats a slide on GCM tags.
Protect clipboard text on a shared or kiosk machine
On a shared workstation you sometimes need to carry a short secret between two sessions without leaving it readable in a paste buffer or a temp file. Encrypt it here first, move only the ciphertext, and decrypt on the other side. If someone inspects the clipboard history or a synced paste manager, they see an opaque blob, not the secret.
Common pitfalls
Using a weak, short password. PBKDF2 at 250,000 iterations slows offline brute force but does not make a 6-character password safe — once an attacker has your ciphertext they can grind guesses on their own hardware. Use a long random passphrase, especially for anything valuable.
Pasting only part of the ciphertext. The payload bundles the salt and IV with the ciphertext, so dropping characters (or losing trailing Base64 padding when copying) makes it undecodable. Copy the whole string, every character, including any trailing `=`.
Treating Base64 ciphertext as "encrypted enough" to ignore where it lands. Encryption protects the content, but the password is the keystone. Do not send the password in the same channel as the ciphertext, and do not store both together — that defeats the entire point.
Privacy
Everything runs locally in your browser through the WebCrypto API (AES-256-GCM, PBKDF2-SHA256), with all randomness from crypto.getRandomValues. There is no server: your plaintext, password, and ciphertext are never uploaded, never logged, and never seen by us. This tool intentionally does NOT save anything to localStorage and NEVER writes your input into the URL — because the content is sensitive, the only shareable thing is the empty tool page, not your data. That means there is no history and nothing to recover if you close the tab, which is the correct trade-off for a tool like this. Your security still depends on choosing a strong password and not pasting the result somewhere it can leak.
FAQ
Tool combos
Folks in your role tend to reach for these alongside this tool.
- 555 Timer Calculator Astable f = 1.44/((R1+2R2)C) + monostable t = 1.1RC — pick R1, R2, C in Ω/kΩ and µF/nF, read frequency, duty cycle and pulse width — browser-only
- Add Line Numbers Number every line of pasted text — set start, step and separator, zero-pad to align, skip blanks, or strip numbers back off — browser-only
- Age Difference Calculator The exact gap between two birthdays — years/months/days, percentage, and the date one person is twice the other's age — browser-only
- AI Eval Planner Generate eval cases, pass criteria, and edge cases from an AI feature, risks, and user path.