Encryption Decryption Tool

Encrypt text into an AES-GCM JSON envelope or decrypt an envelope created by this page using the same passphrase.

Last updated: May 28, 2026

Do not paste production secrets, private keys, customer data, or regulated data into browser tools unless your organization allows that workflow.

Plain Text

Encrypted Output

Passphrase

PBKDF2 Iterations

This tool is for local test data, notes, and debugging. Do not paste production secrets, customer data, private keys, or regulated data unless your security policy allows browser-side tools.

Client-Side Processing

Input Data Stays on Device

Instant Local Execution

Find this tool useful? Support the project to keep it free!

Buy me a coffee

What is Encryption Decryption?

This encryption/decryption tool uses the browser Web Crypto API to encrypt text with AES-GCM. A passphrase is converted into a 256-bit AES key using PBKDF2-SHA-256 with a random salt. The output is a JSON envelope containing the algorithm, KDF settings, salt, IV, and ciphertext needed to decrypt later with the same passphrase.

How to Use Encryption Decryption

Choose Encrypt or Decrypt.

For encryption, paste plain text and enter a passphrase.

Click Encrypt Text and copy the JSON envelope.

For decryption, paste that JSON envelope and enter the same passphrase.

Click Decrypt Text to recover the original text.

Common Use Cases

Encrypting local demo notes before sharing through a non-secret channel.
Testing AES-GCM and PBKDF2 flows in a browser.
Creating reproducible examples for documentation or training.
Verifying that an encrypted payload can round-trip with a passphrase.
Learning what metadata is required to decrypt AES-GCM ciphertext.

Example Input and Output

A plaintext note is encrypted into a JSON envelope. The same passphrase is required to decrypt it.

Plain text

Database password rotation is scheduled for Friday at 22:00 UTC.

Encrypted JSON envelope

{
  "v": 1,
  "alg": "AES-GCM",
  "kdf": "PBKDF2-SHA-256",
  "iterations": 120000,
  "salt": "...",
  "iv": "...",
  "ciphertext": "..."
}

Passphrase quality

A strong passphrase matters. AES-GCM is strong, but a short or reused passphrase can still be guessed.

Browser-side crypto

The browser Web Crypto API performs key derivation, encryption, and decryption locally.

Frequently Asked Questions

What algorithm does this tool use?

It uses AES-GCM for encryption and PBKDF2-SHA-256 to derive the AES key from your passphrase.

Can WebToolsPlanet decrypt my text later?

No. Encryption and decryption run in your browser, and the passphrase is not sent to WebToolsPlanet.

Why is the encrypted output different every time?

The tool creates a random salt and IV for each encryption. That is expected and important for safe AES-GCM use.

Can I decrypt payloads from another tool?

Only if they use the same JSON envelope fields, AES-GCM, PBKDF2-SHA-256, salt, IV, iteration count, and Base64 ciphertext format.

Related Tools

HMAC Generator

Generate HMAC signatures with SHA-1, SHA-256, SHA-384, or SHA-512 from text, hex, or Base64 input.

Checksum Calculator

Calculate CRC-32, Adler-32, MD5, SHA-1, SHA-256, SHA-384, and SHA-512 checksums from text, hex, or Base64 input.

SHA Hash Generator

Generate SHA-1, SHA-256, SHA-384, and SHA-512 hashes from text instantly in your browser.

MD5 Generator

Instantly generate MD5 hashes from any text for checksums and data verification.

JWT Decoder

Decode and inspect JSON Web Tokens (JWT) without validation.

Base64 Encoder/Decoder

Encode text to Base64 or decode Base64 to plain text — with URL-safe mode, auto-detect, and size stats.