This text encryptor locks any message, note, API key or block of text behind a password using AES-256-GCM, the same authenticated encryption standard trusted for banking and government data. It runs 100% in your browser with the native Web Crypto API, so your text and your password never touch a server. Use it to send a secret over an insecure channel, store a private note that only you can reopen, or hand a credential to a colleague without exposing it in plaintext.
How it works
Encryption here is more than scrambling characters. When you click Encrypt, the tool first generates a random 16-byte salt and stretches your password into a 256-bit key with PBKDF2 (SHA-256, 200,000 iterations by default). Key stretching makes each password guess expensive to compute, which slows password-guessing attacks dramatically. It then generates a fresh random 12-byte nonce and encrypts your text with AES-256-GCM. GCM is authenticated: alongside the ciphertext it produces a tag that lets the decryptor detect any alteration of the message. The salt, nonce, iteration count and ciphertext are bundled into a single base64 string prefixed with GERA1 so the decryptor can recognise the format.
To read the message, the recipient pastes that block into Decrypt and enters the same password. The tool re-derives the identical key from the embedded salt and iteration count, then verifies and decrypts. If the password is wrong or a single byte was changed in transit, GCM authentication fails and you get an explicit error rather than silent corruption. Because the iteration count travels inside the payload, you can raise it in Advanced settings without the other side needing to know.
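The scheme described above, written against the Web Crypto API as an added example (not the tool's own code). The payload layout after the GERA1 prefix, the function names and the iteration bounds enforced on decrypt are assumptions; the bounds are there because the count is read from untrusted input.

```javascript
// Assumed layout (not the tool's documented format): GERA1.<iterations>.<base64(salt | nonce | ciphertext+tag)>
const wc = globalThis.crypto ?? require('node:crypto').webcrypto; // fallback only for older Node
const MIN_ITER = 200000, MAX_ITER = 5000000; // assumed bounds for a count read from a payload

const toB64 = (u8) => { let s = ''; for (const b of u8) s += String.fromCharCode(b); return btoa(s); };
const fromB64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));

// PBKDF2-SHA-256 stretches the password into a non-extractable AES-256-GCM key.
async function deriveKey(password, salt, iterations) {
  const material = await wc.subtle.importKey(
    'raw', new TextEncoder().encode(password), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

async function encryptText(plaintext, password, iterations = 200000) {
  const salt = wc.getRandomValues(new Uint8Array(16));  // fresh per message
  const nonce = wc.getRandomValues(new Uint8Array(12)); // never reused under one key
  const key = await deriveKey(password, salt, iterations);
  const ct = new Uint8Array(await wc.subtle.encrypt(
    { name: 'AES-GCM', iv: nonce }, key, new TextEncoder().encode(plaintext)));
  const body = new Uint8Array(28 + ct.length);          // ct already ends with the 16-byte tag
  body.set(salt, 0); body.set(nonce, 16); body.set(ct, 28);
  return `GERA1.${iterations}.${toB64(body)}`;
}

async function decryptText(payload, password) {
  const parts = payload.trim().split('.');
  if (parts.length !== 3 || parts[0] !== 'GERA1') throw new Error('unrecognised format');
  if (!/^[0-9]{1,9}$/.test(parts[1])) throw new Error('bad iteration count');
  const iterations = Number(parts[1]);
  // Bound the count before doing any work: a huge value would stall the tab,
  // a tiny one would mean the sender used almost no key stretching.
  if (iterations < MIN_ITER || iterations > MAX_ITER) throw new Error('iteration count out of range');
  const body = fromB64(parts[2]);
  if (body.length < 16 + 12 + 16) throw new Error('payload too short'); // salt + nonce + tag
  const key = await deriveKey(password, body.subarray(0, 16), iterations);
  try {
    const pt = await wc.subtle.decrypt(
      { name: 'AES-GCM', iv: body.subarray(16, 28) }, key, body.subarray(28));
    return new TextDecoder().decode(pt);
  } catch {
    throw new Error('wrong password or modified payload'); // GCM tag check failed
  }
}
```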
Example
Suppose you need to send a database password to a teammate. Type "prod-db-pw: 7Hk!92xQ" into the Encrypt box, choose a strong passphrase like "correct-horse-battery-staple", and click Encrypt. You get a block such as "GERA1.200000.bX9...", which is gibberish to anyone who intercepts it. Email that block, then tell your teammate the passphrase over a phone call. They paste it into Decrypt, type the passphrase, and instantly see the original credential. Anyone who grabs the email without the passphrase sees only noise, and they cannot brute-force it cheaply thanks to PBKDF2.
The strength meter nudges you toward a long, mixed password, the Test decrypt button lets you confirm a payload round-trips before you send it, and a session history shows what you have processed. Everything stays on your machine — close the tab and it is gone.