Encrypt / Decrypt

Encrypt and decrypt text with a passphrase using AES-256-GCM. All processing is done client-side.

Passphrase

Plaintext

Encrypted (Base64)

Technical Details

Algorithm: AES-256-GCM (authenticated encryption)
Key derivation: PBKDF2 with SHA-256, 600,000 iterations
Salt: 16 random bytes (unique per encryption)
IV: 12 random bytes (unique per encryption)
Output: Base64-encoded (salt + IV + ciphertext)

How It Works

Enter your passphrase

Type a secret passphrase that will be used as the encryption key via PBKDF2 key derivation.

Encrypt or decrypt

Switch between Encrypt and Decrypt tabs. Paste plaintext to encrypt, or Base64 ciphertext to decrypt.

Copy the result

Copy the encrypted Base64 output to share securely, or copy the decrypted plaintext.

FAQ

AES-256-GCM, an authenticated encryption algorithm. It provides both confidentiality and integrity — tampered ciphertext will fail to decrypt.

No. All encryption and decryption happens entirely in your browser using the Web Crypto API. Nothing is transmitted.

PBKDF2 with SHA-256 and 600,000 iterations. A random 16-byte salt is generated per encryption to prevent rainbow table attacks. Need a strong passphrase? Generate one with the password generator.

Yes. The encrypted output contains the salt and IV needed for decryption. Anyone with the correct passphrase can decrypt it in any tool that implements the same scheme.

Building something that handles sensitive data?

Plan your security and architecture before writing code — run a Discovery session.

Built & Maintained by Varstatt

Varstatt is a one-person product studio run by Jurij Tokarski, product engineer since 2011. These tools are free and open — no signup, no catch.