Encrypt / Decrypt

Encrypt and decrypt text with a passphrase using AES-256-GCM. Client-side authenticated encryption — nothing is sent to a server.

How It Works

1

Enter your passphrase

Type a secret passphrase that will be used as the encryption key via PBKDF2 key derivation.

2

Encrypt or decrypt

Switch between Encrypt and Decrypt tabs. Paste plaintext to encrypt, or Base64 ciphertext to decrypt.

3

Copy the result

Copy the encrypted Base64 output to share securely, or copy the decrypted plaintext.

FAQ

AES-256-GCM, an authenticated encryption algorithm. It provides both confidentiality and integrity — tampered ciphertext will fail to decrypt.
No. All encryption and decryption happens entirely in your browser using the Web Crypto API. Nothing is transmitted.
PBKDF2 with SHA-256 and 600,000 iterations. A random 16-byte salt is generated per encryption to prevent rainbow table attacks. Need a strong passphrase? Generate one with the password generator.
Yes. The encrypted output contains the salt and IV needed for decryption. Anyone with the correct passphrase can decrypt it in any tool that implements the same scheme.

Built & Maintained by Varstatt

Varstatt is a one-person product studio run by Jurij Tokarski, product engineer since 2011. These tools are free and open — no signup, no catch.