Encoder / Decoder
Encrypt and decrypt strings with your own key or the built-in default.
Setup
Pick an algorithm and key. Outputs from the AES (Web Crypto) and libsodium modes are wrapped in a JSON envelope so they are easy to store and share. CryptoJS outputs use the OpenSSL salted Base64 format.
For the AES (Web Crypto) and libsodium modes, the passphrase is stretched with PBKDF2 (210,000 iterations, SHA-256) to make brute-force attacks harder.
Envelope format (AES + libsodium)
Outputs from the AES (Web Crypto) and libsodium modes are stored in a JSON envelope containing the algorithm, salt, IV or nonce, and ciphertext. CryptoJS outputs are OpenSSL-style Base64 strings and do not use this envelope.
{
  "v": 1,
  "alg": "AES-GCM",
  "iter": 210000,
  "salt": "...",
  "iv": "...",
  "ct": "...",
  "format": "base64"
}

Algorithm guide
AES-GCM (Recommended)
Authenticated encryption that provides confidentiality and tamper detection in one step.
Engine: Web Crypto
Key: 256-bit key derived from your passphrase using PBKDF2 (SHA-256).
IV / Nonce: 12-byte nonce; must be unique per encryption.
Output: Ciphertext plus authentication tag (combined by Web Crypto).
UTF-8: Plaintext is encoded as UTF-8. For binary data, Base64-encode it first.
Best for: Most general-purpose app data encryption.
Notes:
- Fast and widely supported in modern browsers.
- If the nonce repeats with the same key, security breaks.
- Decrypt fails if ciphertext or tag is modified.
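
The AES-GCM mode and envelope described above, sketched with Web Crypto as an added example (not this tool's own code). It assumes that salt, iv and ct are Base64 strings and that the salt is 16 bytes; the function names and the MAX_ITER ceiling are hypothetical.

```javascript
// Added example. Assumptions: base64 salt/iv/ct, 16-byte salt, MAX_ITER bound.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto; // older-Node fallback
const enc = new TextEncoder();
const dec = new TextDecoder("utf-8", { fatal: true });
const b64 = (buf) => btoa(String.fromCharCode(...new Uint8Array(buf)));
const unb64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));

const ITER = 210000;       // work factor stated on the page
const MAX_ITER = 2000000;  // hypothetical ceiling so a hostile envelope cannot stall the tab

async function deriveKey(passphrase, salt, iterations) {
  const material = await wc.subtle.importKey(
    "raw", enc.encode(passphrase), "PBKDF2", false, ["deriveKey"]);
  return wc.subtle.deriveKey(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations },
    material, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

async function encryptEnvelope(passphrase, plaintext) {
  const salt = wc.getRandomValues(new Uint8Array(16));
  const iv = wc.getRandomValues(new Uint8Array(12)); // fresh nonce for every message
  const key = await deriveKey(passphrase, salt, ITER);
  const ct = await wc.subtle.encrypt({ name: "AES-GCM", iv }, key, enc.encode(plaintext));
  return { v: 1, alg: "AES-GCM", iter: ITER, salt: b64(salt), iv: b64(iv),
           ct: b64(ct), format: "base64" }; // ct already ends with the 16-byte tag
}

async function decryptEnvelope(passphrase, env) {
  // Header fields are untrusted input: bound them before spending PBKDF2 work.
  if (env.v !== 1 || env.alg !== "AES-GCM" || env.format !== "base64")
    throw new Error("unsupported envelope");
  if (!Number.isInteger(env.iter) || env.iter < ITER || env.iter > MAX_ITER)
    throw new Error("iteration count out of range");
  const iv = unb64(env.iv);
  if (iv.length !== 12) throw new Error("bad nonce length");
  const key = await deriveKey(passphrase, unb64(env.salt), env.iter);
  // decrypt() rejects if the ciphertext or tag was modified, or the key is wrong.
  const pt = await wc.subtle.decrypt({ name: "AES-GCM", iv }, key, unb64(env.ct));
  return dec.decode(pt);
}
```
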
AES-CBC
Classic block cipher mode that provides confidentiality but no integrity.
Engine: Web Crypto
Key: 256-bit key derived from your passphrase using PBKDF2 (SHA-256).
IV / Nonce: 16-byte IV; must be random and unique.
Output: Ciphertext with padding; integrity is not provided.
UTF-8: Plaintext is encoded as UTF-8. For binary data, Base64-encode it first.
Best for: Legacy compatibility or learning purposes.
Notes:
- Requires a separate MAC (not included here) for integrity.
- Padding makes it larger than plaintext.
- Avoid for new designs unless you add authentication.
AES-CTR
Stream-like mode that turns AES into a keystream generator; encryption and decryption are the same operation.
Engine: Web Crypto
Key: 256-bit key derived from your passphrase using PBKDF2 (SHA-256).
IV / Nonce: 16-byte counter block; counter portion must never repeat.
Output: Ciphertext only; integrity is not provided.
UTF-8: Plaintext is encoded as UTF-8. For binary data, Base64-encode it first.
Best for: Streaming data where authentication is handled separately.
Notes:
- Very fast and parallelizable.
- Never reuse a counter with the same key.
- Pair with a MAC for integrity.
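
The AES-CBC and AES-CTR notes both call for a separate MAC. The following added example (not this tool's own code) shows one way to do that for AES-CBC with encrypt-then-MAC in Web Crypto; the same wrapper applies to AES-CTR. The byte layout, the HKDF labels and the names sealCbc and openCbc are assumptions made for the illustration.

```javascript
// Added example: encrypt-then-MAC around AES-CBC. Layout and labels are assumptions.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto; // older-Node fallback
const te = new TextEncoder(), td = new TextDecoder();

// PBKDF2 (page parameters) gives a 32-byte master secret; HKDF splits it into
// independent encryption and MAC keys so one key is never used for both jobs.
async function deriveKeys(passphrase, salt, iterations = 210000) {
  const pw = await wc.subtle.importKey("raw", te.encode(passphrase), "PBKDF2", false, ["deriveBits"]);
  const master = await wc.subtle.deriveBits(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations }, pw, 256);
  const hk = await wc.subtle.importKey("raw", master, "HKDF", false, ["deriveKey"]);
  const sub = (label, alg, usages) => wc.subtle.deriveKey(
    { name: "HKDF", hash: "SHA-256", salt: new Uint8Array(0), info: te.encode(label) },
    hk, alg, false, usages);
  return {
    encKey: await sub("enc", { name: "AES-CBC", length: 256 }, ["encrypt", "decrypt"]),
    macKey: await sub("mac", { name: "HMAC", hash: "SHA-256", length: 256 }, ["sign", "verify"]),
  };
}

function concat(...parts) {
  const out = new Uint8Array(parts.reduce((n, p) => n + p.length, 0));
  let off = 0;
  for (const p of parts) { out.set(p, off); off += p.length; }
  return out;
}

// Output layout: salt(16) || iv(16) || ciphertext || HMAC-SHA256 tag(32).
async function sealCbc(passphrase, plaintext) {
  const salt = wc.getRandomValues(new Uint8Array(16));
  const iv = wc.getRandomValues(new Uint8Array(16)); // random 16-byte IV per message
  const { encKey, macKey } = await deriveKeys(passphrase, salt);
  const ct = new Uint8Array(
    await wc.subtle.encrypt({ name: "AES-CBC", iv }, encKey, te.encode(plaintext)));
  const tag = new Uint8Array(await wc.subtle.sign("HMAC", macKey, concat(salt, iv, ct)));
  return concat(salt, iv, ct, tag);
}

async function openCbc(passphrase, blob) {
  if (blob.length < 80) throw new Error("truncated message"); // 16+16+16+32 minimum
  const salt = blob.slice(0, 16), iv = blob.slice(16, 32);
  const ct = blob.slice(32, -32), tag = blob.slice(-32);
  const { encKey, macKey } = await deriveKeys(passphrase, salt);
  // Check the tag first: forged input is rejected before any unpadding happens.
  if (!(await wc.subtle.verify("HMAC", macKey, tag, concat(salt, iv, ct))))
    throw new Error("authentication failed");
  return td.decode(await wc.subtle.decrypt({ name: "AES-CBC", iv }, encKey, ct));
}
```
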
XChaCha20-Poly1305 (libsodium)
Modern AEAD cipher with a long nonce, providing confidentiality and integrity.
Engine: libsodium-wrappers
Key: 32-byte key derived from your passphrase using PBKDF2 (SHA-256).
IV / Nonce: 24-byte nonce; must be unique per encryption.
Output: Ciphertext with Poly1305 authentication tag (combined).
UTF-8: Plaintext is encoded as UTF-8. For binary data, Base64-encode it first.
Best for: Large-scale apps that want a modern AEAD with a roomy nonce.
Notes:
- The 24-byte nonce is longer than ChaCha20-Poly1305's 12-byte nonce, reducing the risk of nonce collisions.
- Widely recommended for new designs in the libsodium ecosystem.
- Tampering causes decryption to fail.
ChaCha20-Poly1305 (libsodium)
Fast AEAD cipher with strong security and great performance on mobile.
Engine: libsodium-wrappers
Key: 32-byte key derived from your passphrase using PBKDF2 (SHA-256).
IV / Nonce: 12-byte nonce; must be unique per encryption.
Output: Ciphertext with Poly1305 authentication tag (combined).
UTF-8: Plaintext is encoded as UTF-8. For binary data, Base64-encode it first.
Best for: Performance-focused encryption across browsers and devices.
Notes:
- Excellent performance without AES hardware acceleration.
- Nonce reuse with the same key breaks security.
- Tampering causes decryption to fail.
Secretbox (XSalsa20-Poly1305)
libsodium's classic secret-key API with strong confidentiality and integrity.
Engine: libsodium-wrappers
Key: 32-byte key derived from your passphrase using PBKDF2 (SHA-256).
IV / Nonce: 24-byte nonce; must be unique per encryption.
Output: Ciphertext with authentication tag (combined).
UTF-8: Plaintext is encoded as UTF-8. For binary data, Base64-encode it first.
Best for: Simple, reliable symmetric encryption with libsodium.
Notes:
- Built for misuse resistance, but nonce reuse is still dangerous.
- Well-audited and widely adopted.
- Tampering causes decryption to fail.
AES-CBC (CryptoJS)
AES-CBC via CryptoJS with OpenSSL-style salted output.
Engine: crypto-js
Key: Passphrase-based key derivation handled by CryptoJS (OpenSSL-style).
IV / Nonce: Random IV generated by CryptoJS.
Output: Base64 OpenSSL format string (starts with Salted__).
UTF-8: Plaintext is handled as UTF-8 by CryptoJS.
Best for: Interoperability with OpenSSL-style AES outputs.
Notes:
- Provides confidentiality but no integrity checks.
- Use only for compatibility needs; prefer AEAD modes for new work.
- Output includes salt and IV data internally.
TripleDES (CryptoJS)
Legacy 3DES encryption for compatibility with older systems.
Engine: crypto-js
Key: Passphrase-based key derivation handled by CryptoJS.
IV / Nonce: Random IV generated by CryptoJS.
Output: Base64 OpenSSL format string (starts with Salted__).
UTF-8: Plaintext is handled as UTF-8 by CryptoJS.
Best for: Legacy systems that require 3DES.
Notes:
- Significantly slower than AES.
- Smaller security margin than modern ciphers.
- Only use when required for compatibility.
DES (CryptoJS)
Very old block cipher kept only for legacy compatibility.
Engine: crypto-js
Key: Passphrase-based key derivation handled by CryptoJS.
IV / Nonce: Random IV generated by CryptoJS.
Output: Base64 OpenSSL format string (starts with Salted__).
UTF-8: Plaintext is handled as UTF-8 by CryptoJS.
Best for: Legacy compatibility demos only.
Notes:
- DES is no longer considered secure.
- Use only for teaching or legacy data.
RC4 (CryptoJS)
Legacy stream cipher for compatibility use cases.
Engine: crypto-js
Key: Passphrase-based key derivation handled by CryptoJS.
IV / Nonce: No IV required.
Output: Base64 OpenSSL format string (starts with Salted__).
UTF-8: Plaintext is handled as UTF-8 by CryptoJS.
Best for: Legacy systems only.
Notes:
- RC4 is considered insecure and deprecated.
- Avoid for any new designs.
RC4Drop (CryptoJS)
RC4 with initial keystream dropped; still legacy.
Engine: crypto-js
Key: Passphrase-based key derivation handled by CryptoJS.
IV / Nonce: No IV required.
Output: Base64 OpenSSL format string (starts with Salted__).
UTF-8: Plaintext is handled as UTF-8 by CryptoJS.
Best for: Legacy compatibility experiments.
Notes:
- Still based on RC4, which is considered weak.
- Only keep for compatibility with old formats.
Rabbit (CryptoJS)
Stream cipher from the eSTREAM project; mostly for legacy use.
Engine: crypto-js
Key: Passphrase-based key derivation handled by CryptoJS.
IV / Nonce: Optional IV handled by CryptoJS.
Output: Base64 OpenSSL format string (starts with Salted__).
UTF-8: Plaintext is handled as UTF-8 by CryptoJS.
Best for: Legacy compatibility with Rabbit-based data.
Notes:
- Not widely used in modern systems.
- Prefer modern AEAD modes instead.
Simple XOR (Not secure)
Lightweight obfuscation using XOR with your key, then Base64 encoding.
Engine: Built-in
Key: Any passphrase; repeated across data bytes.
IV / Nonce: No IV or nonce.
Output: Base64 text.
UTF-8: Plaintext is encoded as UTF-8. For binary data, Base64-encode it first.
Best for: Quick obfuscation, demos, or teaching concepts.
Notes:
- Easy to reverse if the key is weak or reused.
- Provides no authentication or integrity.
- Do not use for sensitive data.