About Text Encryptor — Encrypt & Decrypt, No Signup

Sharing a database password or API key over email or Slack means it exists in plaintext on multiple servers indefinitely. Even channels with TLS only protect data in transit — the recipient's inbox stores it in cleartext. Encrypting the sensitive text with a passphrase before sending ensures that only someone who knows the passphrase can read it, regardless of how many servers the message passes through. This tool uses AES-256-GCM with PBKDF2 key derivation — the same primitives used in TLS and full-disk encryption — and there is no backdoor: forget the passphrase and the ciphertext is unrecoverable.

How to Use This Tool

Follow these simple steps to get accurate results in seconds. The whole process takes less than a minute for most inputs.

  1. 1

    Enter Your Plaintext and Passphrase

    Type or paste the text to encrypt, then choose a strong passphrase. The same passphrase will be required to decrypt, so store it safely.

  2. 2

    Click Encrypt

    The tool derives a 256-bit key from your passphrase using PBKDF2, generates a random salt and IV, and encrypts with AES-256-GCM. The output is a Base64-encoded ciphertext string.

  3. 3

    Copy and Share the Ciphertext

    Send the Base64 string through any channel. Share the passphrase through a different channel (e.g., send ciphertext via email, passphrase verbally) for layered security.

  4. 4

    Decrypt with the Same Passphrase

    To recover the original text, paste the ciphertext, enter the same passphrase, and click decrypt. If the passphrase is correct, the original plaintext is returned. If not, you get a decryption error.

How It Works

The technical details of how this tool processes your input and produces accurate results.

Key Derivation from Passphrase

Your passphrase is not used directly as the encryption key. Instead, it's fed into PBKDF2 (Password-Based Key Derivation Function 2) along with a random 16-byte salt and 100,000 iterations of SHA-256. This produces a 256-bit key that is computationally expensive to brute-force — each guess requires 100,000 hash iterations, making dictionary attacks impractical against all but the weakest passphrases.

AES-256-GCM Encryption and Authentication

The derived key encrypts the plaintext using AES-256 in Galois/Counter Mode. GCM generates both ciphertext and an authentication tag. During decryption, the tag is verified before any plaintext is returned — if the ciphertext has been modified or the passphrase is wrong, the tag verification fails and decryption is rejected. This prevents bit-flipping attacks that could alter decrypted content without detection.

Output Format and Decryption

The final output concatenates the salt, IV, authentication tag, and ciphertext into a single byte sequence, then Base64-encodes it for safe transmission through text-based channels. During decryption, the Base64 string is decoded back into its components, the passphrase is re-derived using the stored salt, and AES-256-GCM decryption verifies the authentication tag before returning the plaintext.

Key Features

Built to handle real workflows quickly and accurately. Each feature solves a specific problem you'd otherwise need multiple tools or manual steps to address.

AES-256-GCM Authenticated Encryption

Uses AES-256 in GCM mode, which provides both confidentiality and integrity verification. Any tampering with the ciphertext is detected during decryption, preventing man-in-the-middle modifications from going unnoticed.

PBKDF2 Key Derivation from Passphrase

Your passphrase is transformed into a 256-bit cryptographic key using PBKDF2 with a random salt and high iteration count — resisting brute-force and rainbow table attacks even against relatively simple passphrases.

Unique Salt and IV Per Operation

Each encryption generates a fresh random salt and initialization vector, so encrypting the same plaintext with the same passphrase twice produces different ciphertext — preventing pattern analysis across multiple encrypted messages.

Instant Encrypt/Decrypt Toggle

Switch between encryption and decryption modes to verify your output before sharing. Encrypt, copy the ciphertext, paste it back, and decrypt with the same passphrase to confirm it works.

Shareable Base64 Output

The encrypted output is a Base64 string that can be safely sent through email, chat, or documents. Only someone with the correct passphrase can recover the original text.

Benefits of Using Text Encryptor — Encrypt & Decrypt, No Signup

Why this tool matters and how it improves your daily work.

Protect Sensitive Text Before Sending Over Insecure Channels

Email, Slack, and most messaging platforms store messages in plaintext on their servers. Encrypting before sending means the content is unreadable on any server it traverses — only the recipient with the passphrase can access it.

Verify Before You Share — Catch Passphrase Typos Early

Encrypt a message, then immediately decrypt it with the same passphrase to verify the process works before sending. This catches typos in your passphrase that would otherwise leave your recipient unable to decrypt the message.

No Passphrase Recovery — by Design

There is no backdoor, no recovery mechanism, and no key escrow. If the passphrase is lost, the ciphertext is permanently unreadable. This is the correct security model for encryption — any system that can recover your data without the passphrase can also be compromised to do the same.

Skip OpenSSL Command-Line Complexity

Encrypting with OpenSSL requires remembering the correct flags for cipher, key derivation, salt, and output format. This tool produces AES-256-GCM ciphertext from a passphrase without command-line syntax.

Common Use Cases

Real scenarios where this tool saves time and produces better results than manual methods.

Sharing Database Credentials with Team Members

An engineer needs to share a database connection string with a colleague. Encrypting it with a passphrase and sending the ciphertext over Slack means the credential isn't stored in plaintext in chat history. The passphrase is shared verbally.

Storing API Keys in Shared Documentation

A team keeps configuration documentation in a shared wiki. Encrypting API keys and credential hints within the wiki pages keeps plaintext secrets out of the collaborative workspace while remaining accessible to authorized team members who know the passphrase.

Protecting Journalist-Source Communications

A journalist encrypts a message from a source before saving it to their notes, ensuring that if the notes are subpoenaed or compromised, the source's words remain unreadable without the passphrase.

Verifying Encryption Works Before Sending

Before sharing encrypted content, encrypt a test message and immediately decrypt it with the same passphrase to verify the process works. This catches typos in the passphrase before it matters — when the recipient can't read the message.

Who Uses This Tool

DevOps Engineers

encrypting database passwords and API keys before sharing them through chat or documentation platforms that store messages in plaintext on their servers

Journalists

encrypting notes from confidential sources so that if their devices or cloud storage are compromised, the source's identity and words remain protected

IT Administrators

storing encrypted credential hints and configuration snippets in shared wikis and documentation systems without exposing plaintext secrets to all users with read access

Pro Tips

Practical advice to get the most out of this tool, based on how experienced users actually work with it.

1

Use a passphrase of at least 12 characters mixing uppercase, lowercase, numbers, and symbols. A weak passphrase undermines even the strongest encryption algorithm by making brute-force attacks practical.

2

Always verify decryption works immediately after encrypting by copying the ciphertext back and decrypting it with the same passphrase. This catches typos in your passphrase before you share the encrypted output.

3

Never store the passphrase alongside the ciphertext. If an attacker gains access to both, the encryption is defeated. Use a password manager for passphrases and a separate system for ciphertext storage.

Frequently Asked Questions

Quick answers to the most common questions about this tool. If your question isn't here, contact our support team.

How secure is AES-256 encryption?
AES-256 has never been broken through brute-force attack and is the encryption standard used by the U.S. government and financial institutions. The security of your encrypted content depends entirely on the strength and secrecy of your passphrase — a weak passphrase undermines the algorithm.
What happens if I forget my passphrase?
Without the exact passphrase, the ciphertext cannot be decrypted. There is no backdoor or recovery mechanism. This is by design — any system that can recover your data without the passphrase can also be exploited to do the same.
Does the tool store my passphrase or encrypted text?
No. All encryption and decryption runs in your browser using the Web Crypto API. Nothing is transmitted to any server, and nothing persists after you close the tab.
What is the difference between AES-GCM and AES-CBC?
GCM provides authenticated encryption — it both encrypts the data and generates an authentication tag that verifies the ciphertext hasn't been tampered. CBC only provides confidentiality; a separate HMAC is needed for integrity verification. GCM is the modern standard for symmetric encryption.
Can I encrypt files or only text?
The current version encrypts text content only. To encrypt a file, you would need to Base64-encode its contents first and then encrypt that string, or use a dedicated file encryption tool.

Share this tool

Spread the word on social media

https://toolmetry.pro/utility/text-encrypt-decrypt