Industry‑standard symmetric encryption (AES‑256‑GCM) with PBKDF2 key derivation. All operations happen client‑side — your plaintext and keys never leave this page.
AES‑GCM (Galois/Counter Mode) is a modern authenticated encryption algorithm approved by NIST and used by TLS 1.3, military communications, and cloud storage. It simultaneously provides confidentiality (nobody reads your data) and integrity/authenticity (detects any tampering). The combination with PBKDF2 (Password‑Based Key Derivation Function 2) transforms a human‑memorable passphrase into a cryptographically strong 256‑bit key, using a random salt and many iterations to resist brute‑force and rainbow table attacks.
Technical overview:
Encryption: ciphertext, tag = AES‑GCM_Encrypt( key, iv, plaintext, aad )
Key derivation: key = PBKDF2( passphrase, salt, 100000 iterations, SHA‑256 )
Output format: base64( salt (16B) + iv (12B) + ciphertext (variable) ).
This tool uses the Web Crypto API (window.crypto.subtle) — a low‑level, FIPS‑compliant interface available in all modern browsers. Each encryption generates a fresh random salt (16 bytes) and a random initialization vector (IV, 12 bytes for GCM). The key is derived on‑the‑fly using 100,000 iterations of PBKDF2‑HMAC‑SHA‑256, which significantly slows down offline dictionary attacks. The ciphertext includes the authentication tag (automatically appended by Web Crypto), ensuring any modification or wrong password leads to an explicit decryption failure.
Our tool follows NIST Special Publication 800‑38D recommendations for AES‑GCM. It never logs, stores, or transmits any user data. The source code is transparent and can be audited. For organizations requiring compliance, the underlying Web Crypto implementation is validated by major browser vendors (Chrome’s BoringSSL, Firefox’s NSS). We recommend using passphrases with at least 12 characters, including mixed case, numbers, and symbols. The random passphrase generator creates 128‑bit entropy strings, suitable for high‑security scenarios.