January Sale - Secure Your Passwords
NordPass

Free Encrypt & Decrypt Text

Encrypt or decrypt any text with a password. AES-256-GCM with PBKDF2 (200,000 SHA-256 iterations) key derivation. Runs entirely in your browser via the native Web Crypto API — your text, ciphertext, and password never touch a server.

AES-256-GCM with PBKDF2 (200,000 iterations, SHA-256). Generated locally in your browser via Web Crypto API. The plaintext, ciphertext, and password never leave your device.

When to use this

  • Sending a short secret over an untrusted channel — paste the ciphertext into an email, chat, or shared doc; share the password through a different channel (SMS, phone call).
  • Storing a note in plaintext storage — Google Docs, a sticky note app, a public gist. Encrypt the note first; only the holders of the password can read it.
  • Teaching or demoing encryption — paste a message, encrypt it, watch a friend fail to decrypt without the password.
  • Self-contained backup — encrypt sensitive backup notes (recovery seeds, account-recovery info) and paste the ciphertext anywhere; only your password unlocks it.

Wire format (for the curious)

The base64 output decodes to the following bytes, in order:

  • Bytes 0–15: 16-byte PBKDF2 salt (random per encryption)
  • Bytes 16–27: 12-byte GCM IV / nonce (random per encryption)
  • Bytes 28..n-17: AES-GCM ciphertext
  • Bytes n-16..n: 16-byte GCM authentication tag

Same input encrypted twice produces different ciphertext (different salt + IV each time). Decryption fails the GCM tag check if the password is wrong by even one character.

Embed this tool on your site

Paste this snippet into any blog post, tutorial, or security guide:

<iframe src="https://taskmate.digital/embed/encrypt-text"
        width="100%" height="540" frameborder="0"
        style="max-width:480px;border:1px solid #e9ecef;border-radius:6px;"></iframe>
<p style="text-align:center;font-size:12px;color:#6c757d;">
  Free <a href="https://taskmate.digital/tools/encrypt-text">Encrypt &amp; Decrypt Text</a>
  by <a href="https://taskmate.digital">TaskMate</a>
</p>

Free for everyone. See all available embeds.

Frequently asked questions

Your password is run through PBKDF2-SHA-256 with 200,000 iterations to derive a 256-bit AES key. That key encrypts your text using AES-256-GCM with a random IV. The result is base64-encoded so it can be safely pasted into email, chat, or text files.

Yes — for low-to-medium-stakes secrets. AES-256-GCM is the same algorithm used by TLS, password managers, and disk encryption. The work happens entirely in your browser; nothing is uploaded. For nation-state-grade secrets, use end-to-end encrypted messaging (Signal) instead, since browser tabs can in theory be inspected by other extensions.

AES-GCM is authenticated encryption — even a one-character password difference produces a completely different key, and the GCM tag check fails. There is no partial decryption.

Yes, as long as both sides use the same algorithm: AES-256-GCM with a PBKDF2-SHA-256 (200,000 iterations) key derived from the password. The wire format is 16-byte salt + 12-byte IV + ciphertext + 16-byte GCM tag, all base64-encoded together.

No. Encryption, decryption, and key derivation all happen in your browser via the Web Crypto API. Open the network tab and watch — no requests fire during encryption.

Related tools

NordVPN