Free encryption and decryption tool
Encrypt or decrypt any text with AES-256 in your browser. Your message and your passphrase stay on the device, so neither is transmitted anywhere or written to a log. Nothing is stored: close the tab and both are gone.
Use a long random passphrase. Six random words from the secure password generator gives about 62 bits of entropy. If you lose it, the message cannot be recovered.
Every encryption uses a fresh random salt and initialization vector, so the same message encrypted twice looks different both times. The salt and IV are stored in front of the ciphertext, which is why the output is longer than the message you typed.
How the encryption and decryption tool works
Runs entirely in your browser
Enter your text and a passphrase
Paste the message you want to protect and choose a long random passphrase. Both stay in the browser tab.
Encrypt
Your browser stretches the passphrase into a 256-bit key with PBKDF2-HMAC-SHA256, then encrypts the text with AES-256-GCM on your device.
Share the encrypted text
Copy the Base64 output and send it. Share the passphrase through a different channel than the ciphertext, otherwise both travel together and the encryption buys you nothing.
Private by design: nothing leaves your browser
An online encryption tool that posts your plaintext and passphrase to a server has, at that moment, handed someone else both halves of the secret. This one never makes a network request:
100% client-side
Encryption and decryption happen on your device with the browser's Web Crypto API. No request is made when you click Encrypt.
Nothing stored or logged
No account, no analytics on what you encrypt, no history. Reload the page and the message and passphrase are gone from memory.
Open and verifiable
Encryption uses the browser's Web Crypto API with AES-GCM, a standard audited primitive. No custom-rolled cryptography.
What the tool does to your text
- Generates a random 16-byte salt and a random 12-byte initialization vector for every message.
- Derives a 256-bit key from your passphrase and that salt with PBKDF2-HMAC-SHA256 at 600,000 iterations, the figure OWASP recommends.
- Encrypts with AES-256-GCM, an authenticated mode, so tampering with the ciphertext makes decryption fail rather than return corrupted text.
- Encodes the salt, the IV, and the ciphertext together as Base64, which is what you copy.
Built for developers and security-conscious teams
People who have to move a secret through a channel they do not trust. BlockSurvey applies the same idea to research data with zero-knowledge surveys, where responses are encrypted before they ever reach a server.
Developers
Encrypt a config value or a credential before pasting it into a ticket, a chat thread, or a shared document.
Security & IT teams
Hand off a recovery code or a break-glass password without trusting the transport, using a passphrase agreed in advance.
Privacy-conscious users
Keep notes, seed phrases, or personal documents readable only to you, with a passphrase from the secure password generator.
Building something that handles sensitive data?
BlockSurvey runs on zero-knowledge surveys, so the responses you collect are never sold or mined. Responses are encrypted on the respondent's device before they travel anywhere.