RC4 Encryption & Decryption Tool

Encrypt or decrypt any text using the RC4 stream cipher. Symmetric key algorithm for educational purposes.

? How RC4 works: A pseudorandom keystream is generated from the secret key and XORed with the plaintext to produce ciphertext. Decryption applies the same XOR.

Any text string. Longer keys increase security.
secret password 123456 cryptoKey GetZenQuery
Input: Text Input: Hex Output always shown in both text and hex
Test vectors: Hello World! Quick brown fox 1234567890
Processing...

Understanding RC4

RC4 (Rivest Cipher 4) is a widely used stream cipher designed by Ron Rivest in 1987. It's known for its simplicity and speed, generating a pseudorandom stream of bits (keystream) which is XORed with the plaintext.

Encryption/Decryption:

ciphertext = plaintext XOR keystream

plaintext = ciphertext XOR keystream

(same operation)

RC4 Algorithm Steps (Detailed)

RC4 consists of two main parts: Key Scheduling Algorithm (KSA) and Pseudo-Random Generation Algorithm (PRGA).

1. Key Scheduling Algorithm (KSA) – initializes permutation S[0..255] with the key.
for i from 0 to 255
    S[i] = i
j = 0
for i from 0 to 255
    j = (j + S[i] + key[i mod keylength]) mod 256
    swap S[i] and S[j]
2. Pseudo-Random Generation Algorithm (PRGA) – generates keystream bytes.
i = 0, j = 0
while generating keystream:
    i = (i + 1) mod 256
    j = (j + S[i]) mod 256
    swap S[i] and S[j]
    K = S[(S[i] + S[j]) mod 256]   // keystream byte
    output K

Each keystream byte K is XORed with the corresponding plaintext/ciphertext byte.

Example Walkthrough

Key: "Key" (bytes [75, 101, 121])   Plaintext: "Plain" (bytes [80, 108, 97, 105, 110])

After KSA and PRGA, a keystream (e.g., [171, 235, 12, 89, 210]) is produced. XOR yields ciphertext. The tool above performs this exact process.

Security Considerations

  • Bias in initial output: The first few bytes of keystream are statistically biased; it's recommended to discard at least 256 bytes in practice (though our tool does not, for simplicity).
  • Weak keys: Some keys lead to patterns, making RC4 vulnerable to attacks like Fluhrer-Mantin-Shamir (used to break WEP).
  • Deprecated: RC4 is no longer considered secure for TLS/SSL and has been removed from major standards. Use only for learning or legacy compatibility.
  • Modern alternatives: AES-CTR, ChaCha20 (used in TLS 1.3).

Frequently Asked Questions

RC4 is symmetric: encryption and decryption are identical because XOR is its own inverse. The keystream generated from the key is XORed with data to produce ciphertext; XORing the same keystream with ciphertext restores plaintext.

RC4 accepts keys from 1 to 256 bytes. Our implementation uses any length; the KSA wraps around the key. Shorter keys (e.g., 5-16 bytes) are common in examples.

If you select "Input: Hex", the tool expects a hexadecimal string (even length, 0-9A-F). It will convert to bytes before processing. Output hex is always provided.

Yes. Use the same key and paste the ciphertext (as hex or text) then click Decrypt. The output should match the original plaintext.

No. RC4 has known biases and is deprecated. It should not be used for new applications. Use it only for educational purposes or to interact with legacy systems.