How does the rail fence cipher work?

You imagine a set number of horizontal rails and write the plaintext diagonally, going down to the bottom rail then back up to the top, in a zigzag. Then you read the letters off one rail at a time, top to bottom, left to right. With 3 rails WEAREDISCOVEREDFLEEATONCE lands as W..E..C..R..L..T..E on the top rail, E.R.D.S.O.E.E.F.E.A.O.C on the middle, and ..A..I..V..D..E..N on the bottom, which read together give WECRLTEERDSOEEFEAOCAIVDEN. Decryption rebuilds that empty zigzag, fills it rail by rail, and reads the path back.

How do I break a rail fence cipher when I don't know the rail count?

The rail count is the whole key, and it is small, usually between 2 and about 10. So you just try them all. Switch this tool to brute force and it decrypts the ciphertext at rail count 2, 3, 4 and up, listing each candidate. Scan the rows for the one that reads as plain words or a valid flag. For instance a CTF string that resolves to flag{...} at 4 rails tells you the setter used 4. No frequency analysis is needed because the letters are unchanged, only reordered.

What is the difference between a transposition cipher and a substitution cipher?

A substitution cipher like Caesar or Vigenère replaces each letter with a different one, so A might become D, and the letter frequencies shift. A transposition cipher like rail fence keeps every original letter and only changes its position. If you count letters in the ciphertext and the plaintext they match exactly, which is a quick way to tell you are looking at a transposition. That is also why rail fence shuffles spaces and punctuation while Caesar leaves them alone.

Why do spaces, punctuation and Chinese characters get scrambled too?

Because rail fence moves characters rather than mapping letters through an alphabet, it treats every character the same way: each one gets a slot on the zigzag. A space is just another character that lands on a rail and gets read out in its new position. The same goes for digits, punctuation and CJK characters, which are handled as whole code points so a Chinese character is never split. Encrypt "rail fence demo" and the space rides along inside the scrambled output.

What does the offset do?

The offset shifts where the zigzag starts along its down-then-up cycle. With offset 0 the first character begins at the top rail going down. A non-zero offset starts the path partway through, which changes the whole layout and acts as a second part of the key on top of the rail count. To decrypt correctly you must use the same rail count and the same offset that were used to encrypt; the shareable link carries both so a recipient reopens the exact configuration.

Solve a CTF transposition challenge

A beginner CTF crypto task drops a string like "fanlrieca{lfeg_}" that scrambles a flag with no key attached. Paste it in, switch to brute force, and the tool decrypts at every rail count from 2 up. One row snaps the braces and letters back into flag{rail_fence}, and the rail count it sits on (4) is the key. No script, no graph paper, no counting diagonals by hand.

Build a puzzle for an escape room or treasure hunt

You want a clue that looks like gibberish until the player finds the rail count. Type the clue, set 4 rails, copy the encrypted line onto a prop card, and write "4" somewhere else in the room. When players pair the two, they decrypt the message. The shareable link reopens your exact rails and offset, so you can hand the setup to a co-organizer without re-typing anything.

Teach transposition vs substitution in class

Most intro lessons start with Caesar, which swaps letters. Rail fence is the clean counter-example that keeps every letter and only moves it. Turn on the zigzag grid, type a word, and the class watches the letters fall diagonally across the rails and read off row by row. Slide the rail count to show how the same text reorders differently, then decrypt to prove the move is reversible.

Recover an old note encoded years ago

You find a scrap that reads "T aie hsi alfnemgisr cs" and remember only that you used a rail fence cipher, not which rail count. Brute force lists the candidate plaintexts side by side and one of them reads "This is a rail fence msg" at 3 rails. The rail count beside that row is the key you forgot, and now you can decode the rest of the notebook the same way.

Rail Fence Cipher: Encoder, Decoder & Brute-Force Solver

Encrypt, decrypt and brute-force a rail fence zigzag cipher, with a live grid, rail count plus offset, browser-only

Runs locally
Category Encoding & Crypto
Best for Checking small payloads, tokens, hashes, and encoded values quickly.

Rail fence (zigzag) cipher. Text is written diagonally across a set number of rails, then read off row by row. It is a transposition cipher — it reorders characters, it does not replace them, so spaces, punctuation and CJK all get shuffled too. The only key is the rail count. Don’t know it? Try Brute force and read the row that makes sense.

Rails

Offset

Input0 chars

Output0 chars

Encrypted / decrypted text appears here.

What this tool does

Free online rail fence cipher tool that encrypts, decrypts and brute-forces the classic zigzag transposition cipher right in your browser. Set any rail count from 2 up and an optional starting offset, and the text is written diagonally down then up across the rails and read off row by row. The famous example WEAREDISCOVEREDFLEEATONCE on 3 rails becomes WECRLTEERDSOEEFEAOCAIVDEN. Because rail fence is a transposition cipher it reorders characters instead of replacing them, so spaces, punctuation, digits and CJK text all take part in the shuffle and nothing is dropped. Don't know the rail count? Brute-force mode decrypts at every rail count from 2 up and lists the candidates so you can read the one that makes sense, which is how rail fence CTF and puzzle challenges get solved. A zigzag grid shows exactly how each character lands on the rails. The tool is 100% client-side with copy buttons and a shareable link that reopens the same text, rails and offset. No upload, no server round-trip.

Tool details

Input: Text + Numbers; The page exposes text boxes, numeric controls, file pickers, or structured inputs depending on the tool.
Output: Live result + Copy + Preview; The result area focuses on usable output, with copy, download, or preview actions when supported.
Privacy: Browser-side processing; The main tool logic does not call an external API, so inputs normally stay in the current tab.
Save / share: Shareable URL state; Key settings are encoded in the URL so another person can reopen the same setup.
Performance budget: Initial JS <= 12 KB; No WASM budget is declared, keeping the tool quick to open on mobile.
Best fit: Encoding & Crypto · Student; Category and role tags drive related tools, internal links, and quick fit checks.

How to use

1. Input

Paste or drop your content into the tool panel.
2. Process

Click the button. All processing is local in your browser.
3. Copy / Download

Copy the result or download to disk in one click.

How Rail Fence Cipher Encoder & Decoder fits into your work

Use it for quick browser-side encoding, decoding, hashing, token checks, and share-safe transformations.

Encoding jobs

Checking small payloads, tokens, hashes, and encoded values quickly.
Preparing values for APIs, URLs, docs, or support tickets.
Avoiding account-based tools when the input might be sensitive.

Encoding checks

Do not paste live secrets unless you are comfortable with local browser handling.
Confirm whether the operation is reversible before sharing the result.
For hashes, compare the exact algorithm and casing expected by the receiver.

Good next steps

These links move the current task into a more complete workflow.

Real-world use cases

Solve a CTF transposition challenge
A beginner CTF crypto task drops a string like "fanlrieca{lfeg_}" that scrambles a flag with no key attached. Paste it in, switch to brute force, and the tool decrypts at every rail count from 2 up. One row snaps the braces and letters back into flag{rail_fence}, and the rail count it sits on (4) is the key. No script, no graph paper, no counting diagonals by hand.
Build a puzzle for an escape room or treasure hunt
You want a clue that looks like gibberish until the player finds the rail count. Type the clue, set 4 rails, copy the encrypted line onto a prop card, and write "4" somewhere else in the room. When players pair the two, they decrypt the message. The shareable link reopens your exact rails and offset, so you can hand the setup to a co-organizer without re-typing anything.
Teach transposition vs substitution in class
Most intro lessons start with Caesar, which swaps letters. Rail fence is the clean counter-example that keeps every letter and only moves it. Turn on the zigzag grid, type a word, and the class watches the letters fall diagonally across the rails and read off row by row. Slide the rail count to show how the same text reorders differently, then decrypt to prove the move is reversible.
Recover an old note encoded years ago
You find a scrap that reads "T aie hsi alfnemgisr cs" and remember only that you used a rail fence cipher, not which rail count. Brute force lists the candidate plaintexts side by side and one of them reads "This is a rail fence msg" at 3 rails. The rail count beside that row is the key you forgot, and now you can decode the rest of the notebook the same way.

Common pitfalls

Encrypting and decrypting with the same direction. Rail fence is not self-inverse, because writing the zigzag and reading it back are two different operations. If you encrypt with 3 rails and then run Encrypt again instead of Decrypt, you scramble the text a second time rather than recovering it. Switch the mode to Decrypt and keep the rail count identical.
Stripping spaces and punctuation first. Rail fence is a transposition cipher, so every character takes part in the shuffle, including spaces. If you remove the spaces before encrypting but the recipient leaves them in when decrypting, the rail layout no longer matches and the message comes out wrong. Encode and decode the exact same string.
Forgetting the offset you set. Rails plus a non-zero offset is still a valid key, but both halves must match to recover the text. Decrypting with the right rail count but offset 0 when you encrypted at offset 2 gives garbage. The shareable link carries both, so use it rather than trusting memory.

Privacy

Every encode and decode runs in plain JavaScript inside your browser tab. The text you type never leaves the page and nothing is logged. One thing worth saying plainly: the rail fence cipher is not real encryption. The only secret is a small rail count, and the brute-force mode here cracks an unknown key in one click, so never use it to protect a password, document or private message. It is built for puzzles, CTF practice and teaching. The shareable link encodes your text, rails and offset in the query string, so a link pasted into chat lands those characters in the recipient server's access log. Fine for a puzzle, not for anything you truly need kept private.

FAQ

Tool combos

Folks in your role tend to reach for these alongside this tool.

Browse all tools for this role

Rail Fence Cipher: Encoder, Decoder & Brute-Force Solver

What this tool does

Tool details

How to use

1. Input

2. Process

3. Copy / Download

How Rail Fence Cipher Encoder & Decoder fits into your work

Encoding jobs

Encoding checks

Good next steps

Real-world use cases

Solve a CTF transposition challenge

Build a puzzle for an escape room or treasure hunt

Teach transposition vs substitution in class

Recover an old note encoded years ago

Common pitfalls

Privacy

FAQ

Caesar Cipher Encoder & Decoder

Vigenère Cipher Encoder / Decoder

ROT13 Encoder & Decoder

Morse Code Translator

AES Text Encryptor

Affine Cipher Encoder & Decoder

Atbash Cipher

Bacon Cipher Encoder & Decoder

Base32 / Base58 Encoder & Decoder

Base62 Encoder & Decoder

Base64 Block Deduplicator

Base64 Block Extractor