Toolypet
SECURITY TOOL

Text Encryption Tool

Encrypt and decrypt text using AES-256-GCM with PBKDF2 key derivation. Military-grade encryption running entirely in your browser via the Web Crypto API.

Algorithm
AES-256-GCM
PBKDF2 key derivation (100k iterations, SHA-256)

Enter text and a secret key, then click encrypt or decrypt

AES-256-GCM: Military-Grade Encryption in Your Browser

How AES-GCM Works

AES (Advanced Encryption Standard) operates on 128-bit blocks using a substitution-permutation network. With a 256-bit key, there are 2256possible keys — a number so large that brute-forcing it would require more energy than the sun will produce in its lifetime. GCM (Galois/Counter Mode) adds authenticated encryption: it not only encrypts your data but also generates a 128-bit authentication tag that detects any tampering. If an attacker modifies even one bit of the ciphertext, decryption fails entirely rather than producing corrupted output.

PBKDF2: From Password to Key

Password → PBKDF2(SHA-256, salt, 100K iterations) → 256-bit AES Key

A human-chosen password has far less entropy than a 256-bit random key. PBKDF2 bridges this gap by running your password through 100,000 iterations of HMAC-SHA-256 with a random 16-byte salt. Each iteration adds computational cost: an attacker trying 1 million passwords must perform 100 billion HMAC operations. The random salt ensures that identical passwords produce different keys, defeating precomputed rainbow table attacks. The derived key is then used as the AES-256-GCM encryption key.

What's Inside the Ciphertext

[Salt: 16 bytes] + [IV: 12 bytes] + [Encrypted Data + Auth Tag]

The Base64 output contains three concatenated components. The salt (16 random bytes) is used for key derivation. The IV (Initialization Vector)(12 random bytes) ensures that encrypting the same text with the same password produces different ciphertext every time — critical for semantic security. The remaining bytes are the encrypted data followed by the GCM authentication tag. All three components are needed for decryption, and they are safe to transmit alongside the ciphertext because they cannot reveal the key without the password.

Who Uses AES-256-GCM?

AES-256-GCM is the standard for TLS 1.3 (every HTTPS connection you make), Signal Protocol (used by Signal, WhatsApp, and Google Messages), IPsec VPNs, and US government classified data (NSA Suite B). It is approved by NIST, BSI (Germany), and ANSSI (France). When this tool encrypts your text, it uses the exact same algorithm and key sizes as these systems.

Frequently Asked Questions

Why does encrypting the same text twice produce different output?

Each encryption generates a fresh random salt (16 bytes) and IV (12 bytes). Even with identical plaintext and password, these random values produce a completely different ciphertext. This is called semantic security— an attacker observing multiple ciphertexts cannot determine whether they encrypt the same message. Without it, patterns in encrypted data could leak information about the plaintext.

Is 100,000 PBKDF2 iterations enough?

OWASP recommends a minimum of 600,000 iterations for PBKDF2-SHA256 as of 2023. Our 100,000 iterations balance security with browser performance (avoiding UI freezes). For protecting truly sensitive data, use a strong passphrase (20+ characters) to compensate — the key derivation slows brute-force attempts, but a strong passphrase makes them infeasible regardless of iteration count.

What happens if someone tampers with the ciphertext?

GCM's authentication tag will detect it, and decryption will fail with an error rather than producing corrupted plaintext. This is the key advantage of authenticated encryption over older modes like CBC — you get a guarantee that the decrypted data is exactly what was originally encrypted, or you get nothing at all. Padding oracle attacks, which plagued CBC-mode encryption for years, are impossible with GCM.