Text Encryption & Decryption

Encrypt and decrypt text online for free with 12 algorithms. AES-256-GCM, MD5, SHA-256, Base64, Hex, URL Encoding, ROT13, Caesar, Vigenère, Atbash, Reverse & Morse. Real-time processing, 100% browser-based.

Real-time
No password
AES-256-GCM — Military-grade encryption. Uses PBKDF2 key derivation (100k iterations) with random salt and IV. Your data is encrypted locally in the browser.

Plain Text

0 chars

Encrypted Text

0 chars

Secure Text Encryption in Your Browser

Protect sensitive text with military-grade AES-256-GCM encryption, generate cryptographic hashes with MD5 and SHA-256, encode data with Base64/Hex/URL encoding, or explore classical ciphers like Caesar, Vigenère, and Atbash. All 12 algorithms run entirely in your browser — no data is ever sent to a server.

Understanding AES-256-GCM & the Password: When you select AES-256-GCM, your password is the single most important element. The tool uses PBKDF2 to derive a 256-bit encryption key from your password through 100,000 iterations of hashing with a random salt. A random IV (Initialization Vector) ensures that encrypting the same text with the same password produces different output every time. The "GCM" (Galois/Counter Mode) provides authenticated encryption — it not only keeps your data confidential but also detects any tampering. Without the exact password, the encrypted data is completely unrecoverable. There is no master key, no backdoor, and no reset mechanism.

Hashing vs. Encryption: MD5 and SHA-256 are hashing algorithms — they produce a fixed-size fingerprint (digest) of your text that cannot be reversed. This is fundamentally different from encryption (like AES), which can be reversed with the correct key. Hashes are used for file integrity checks, digital signatures, password storage, and blockchain. Use SHA-256 for security-sensitive hashing; MD5 is faster but has known vulnerabilities.

How to Encrypt or Decrypt Text

01

Choose Algorithm & Mode

Select your encryption algorithm from the dropdown. Choose Encrypt or Decrypt mode. For AES-256-GCM, enter a strong password.

02

Enter Your Text

Type or paste your text in the input area. The output updates in real-time as you type for most algorithms.

03

Copy the Result

Click Copy to copy the encrypted or decrypted text. Use the swap button to quickly reverse the operation.

All 12 Algorithms Explained

AES-256-GCM

Military-grade authenticated encryption. Your password derives a 256-bit key via PBKDF2 (100k iterations). Random salt + IV per encryption. GCM verifies data integrity. The only true encryption in this tool.

MD5 Hash

One-way 128-bit hash (32 hex chars). Cannot be decrypted. Created by Ronald Rivest in 1991. Used for checksums, file integrity, and fingerprinting. Not recommended for security due to collision vulnerabilities.

SHA-256 Hash

One-way 256-bit hash (64 hex chars). Cannot be decrypted. Part of the SHA-2 family. Used in Bitcoin mining, TLS certificates, and digital signatures. Much stronger than MD5.

Base64 Encoding

Encodes text as ASCII-safe characters (A-Z, a-z, 0-9, +, /). Not encryption — fully reversible without a key. Used in email (MIME), data URIs, JWT tokens, and API payloads.

Hex Encoding

Converts each character to its hexadecimal (base-16) value. Each char becomes 2 hex digits. Used in programming for color codes (#FF8C00), memory addresses, and binary data inspection.

URL Encoding

Percent-encodes special characters for safe use in URLs. Spaces become %20, & becomes %26. Required for query strings and form data. Follows RFC 3986 standard.

ROT13

Shifts each letter 13 positions in the alphabet. Self-reversible — applying twice returns original text. No security, just obfuscation. Popular online for hiding spoilers.

Caesar Cipher

One of the oldest ciphers (100 BC). Shifts each letter by a fixed amount (1-25). Named after Julius Caesar. Only 25 possible keys makes it trivially easy to brute-force crack.

Vigenère Cipher

Polyalphabetic substitution using a keyword. Each letter shifts by a different amount based on the keyword. Called "the unbreakable cipher" for 300 years until broken in the 1860s.

Atbash Cipher

Ancient Hebrew cipher that reverses the alphabet: A→Z, B→Y, C→X. Self-reversible like ROT13. Used in biblical texts. Simple substitution with no key needed.

Reverse Text

Reverses the character order of the input text. Not encryption. Useful for palindrome checking, basic obfuscation, or text manipulation experiments.

Morse Code

Invented by Samuel Morse (1830s) for telegraph. Encodes as dots (.) and dashes (-). Words separated by " / ". Still used in aviation, ham radio, and emergency signaling (SOS).

Advertisement
Ad

Common Use Cases

Secure Communication

  • Encrypt sensitive messages before sending
  • Protect passwords and API keys in transit
  • Share confidential data securely
  • Encrypt notes and personal information

Development

  • Base64 encode data for API payloads
  • Test encryption/decryption workflows
  • Generate encoded strings for configs
  • Debug encoded data in applications

Education

  • Learn cryptography concepts hands-on
  • Explore classical ciphers (Caesar, ROT13)
  • Understand modern encryption (AES)
  • Practice Morse code encoding

Fun & Puzzles

  • Create encoded messages for friends
  • Solve cipher puzzles and challenges
  • Obfuscate spoilers with ROT13
  • Convert messages to Morse code

Security Tips

Use Strong Passwords for AES

Use passwords with 12+ characters mixing uppercase, lowercase, numbers, and symbols. The strength indicator helps you gauge quality. A weak password defeats even military-grade encryption.

Remember Your Password

AES-256-GCM has no recovery mechanism. If you lose the password, the encrypted data is gone forever. Store your password securely and separately from the encrypted text.

Hashes Are One-Way

MD5 and SHA-256 produce irreversible fingerprints. You cannot "decrypt" a hash. They're for verifying integrity (comparing hashes), not for hiding and recovering data.

Know the Security Spectrum

Real security: AES-256-GCM only. Integrity: SHA-256 > MD5. Encoding only: Base64, Hex, URL. Weak ciphers: Vigenère > Caesar > ROT13/Atbash. Not ciphers: Reverse, Morse.

Advertisement
Ad

Frequently Asked Questions

How does AES-256-GCM work and why does it need a password?
AES-256-GCM is a military-grade encryption standard. Your password is the key to everything: the tool derives a 256-bit encryption key from it using PBKDF2 with 100,000 iterations and a random salt. AES then encrypts your text using a random IV (initialization vector), so encrypting the same text twice produces completely different output. GCM mode adds authentication — any tampering with the encrypted data will be detected on decryption. The password is essential because without the exact same password, the data cannot be decrypted. There is no backdoor, no master key, and no recovery mechanism.

What is MD5 and can it be decrypted?
MD5 (Message Digest 5) is a one-way hash function — it produces a 128-bit (32 hex character) fingerprint. It cannot be reversed or decrypted. Hashing is fundamentally different from encryption: the same input always produces the same hash, but you cannot go from hash back to input. MD5 is used for checksums and file integrity checks. It's considered insecure for password hashing due to collision vulnerabilities discovered in 2004, but remains widely used for non-security purposes.

What is SHA-256 and how is it different from MD5?
SHA-256 produces a 256-bit (64 hex character) hash — twice the size of MD5's output. It's part of the SHA-2 family designed by the NSA and is much more secure: no collision attacks are known. SHA-256 is used in Bitcoin mining, TLS/SSL certificates, digital signatures, and git commit hashes. Like MD5, it cannot be reversed. For any security-sensitive hashing, always prefer SHA-256 over MD5.

What is the difference between encryption, encoding, and hashing?
Encryption (AES, Caesar, Vigenère) is reversible with a key and provides confidentiality. Encoding (Base64, Hex, URL) is reversible without a key — it converts data format but provides zero security. Hashing (MD5, SHA-256) is one-way — it creates a fixed-size fingerprint that cannot be reversed. In this tool: AES is the only real encryption. Base64/Hex/URL are encoding. MD5/SHA-256 are hashes. ROT13/Caesar/Vigenère/Atbash are classical ciphers (technically encryption but too weak for real security).

How does the Vigenère cipher work?
The Vigenère cipher uses a keyword to shift each letter by a different amount. For example, with keyword "KEY": the 1st letter shifts by K (10), the 2nd by E (4), the 3rd by Y (24), then it repeats. This makes it much harder to crack than Caesar because the same letter can produce different ciphertext. It was called "le chiffre indéchiffrable" (the unbreakable cipher) for 300 years until Charles Babbage and Friedrich Kasiski independently broke it in the 1860s using frequency analysis.

Is my text sent to a server?
No! All 12 algorithms run entirely in your browser. AES and SHA-256 use the native Web Crypto API, MD5 runs as pure JavaScript, and all other algorithms are simple JS functions. Your text and passwords never leave your device, ensuring complete privacy and security.

Which method should I use for real security?
For confidential data, use AES-256-GCM with a strong password (12+ characters, mixed case, numbers, symbols). For data integrity verification (checksums, fingerprinting), use SHA-256. All other methods — Base64, Hex, URL, ROT13, Caesar, Vigenère, Atbash, Reverse, and Morse — are encoding, classical ciphers, or obfuscation that provide no real security against modern attacks.