All tools

Text Encrypt & Decrypt

Security

Encrypt and decrypt text with a password using AES-256, locally in your browser.

AES-256 encryption runs locally — your text and password never leave your browser.

Text to encrypt

Encrypted output

Enter text and a password to see the encrypted block.

About the Handiwork Text Encrypt & Decrypt

Text Encrypt & Decrypt protects any text with a password using AES-256-GCM, a modern, authenticated encryption standard. Switch to Encrypt to turn a message into an unreadable block you can safely store or share, then use Decrypt with the same password to recover the original. The encryption key is derived from your password with PBKDF2, and everything happens locally in your browser — your text and password are never uploaded, logged, or stored.

How to use the Handiwork Text Encrypt & Decrypt

  1. Choose Encrypt or Decrypt at the top.
  2. Enter your text and a password you will remember (or share securely with your recipient).
  3. Copy the result. To decrypt later, paste the encrypted block and enter the same password.

How the encryption works

Your password is run through PBKDF2 with a random salt and 250,000 iterations of SHA-256 to derive a 256-bit key. That key encrypts your text with AES-GCM, which also produces an authentication tag so any tampering is detected on decryption. The output combines a format version, the random salt, the initialisation vector, and the ciphertext into a single Base64 string that is easy to copy and paste.

Choosing a strong password

The security of your encrypted text depends entirely on your password. A short or common password can be brute-forced, so use a long, unpredictable passphrase. There is no password recovery: if you forget it, the text cannot be decrypted by anyone, including us. Store your password somewhere safe, such as a password manager.

Sharing encrypted messages

To send someone an encrypted message, share the Base64 output through any channel — email, chat, or a document — and give them the password through a separate, trusted channel (for example, in person or by phone). They paste the block here, switch to Decrypt, and enter the password to read it. Because decryption is authenticated, they will be warned if the text was altered in transit.

Private by design

All encryption and decryption run in your browser using the built-in Web Crypto API. Nothing you type — neither the text nor the password — is ever sent to a server, and nothing is saved when you close the tab. This makes the tool suitable for sensitive notes, credentials, and personal information.

Frequently asked questions

What encryption does this tool use?

It uses AES-256 in GCM mode, an authenticated encryption standard. The key is derived from your password using PBKDF2 with a random salt and 250,000 SHA-256 iterations, all via the browser’s Web Crypto API.

Is my text or password sent anywhere?

No. Everything is processed locally in your browser. Your text and password are never transmitted, logged, or stored, and nothing persists after you close the page.

What happens if I forget the password?

The text cannot be recovered. Strong encryption has no backdoor, so there is no way to decrypt without the exact password. Keep it somewhere safe, such as a password manager.

Can I share encrypted text with someone else?

Yes. Send them the encrypted Base64 block and share the password through a separate, trusted channel. They paste it here, choose Decrypt, and enter the password to read the message.

Why does decryption say the text was modified?

AES-GCM verifies integrity. If the encrypted block was altered, truncated, or you entered the wrong password, decryption fails and you are warned rather than shown incorrect output.

All security tools