Symmetric encryption converts a message from plain, readable characters into structured cipher text using mathematical permutations driven by a secret key. Because the operation is mathematically reversible only with that identical key, it lets two parties exchange information privately across everyday, insecure channels such as email threads or shared cloud notes.

This tool applies the principle by accepting your text, password, preferred cipher suite, and optional salt or initialisation vector, then executing the chosen algorithm entirely inside your browser. During encryption it derives a fixed-length key from the password, combines the key with a random or supplied vector, and outputs cipher text in Base-64 or hexadecimal form.

You might paste a short project update, choose AES-GCM 256-bit, and email the resulting cipher block to a colleague who already knows the shared password, preserving confidentiality without installing software or opening accounts. If you forget the password or discard the vector, the data remains inaccessible; always record those secrets securely.

Technical Details:

Password-based symmetric cryptography relies on deriving a binary key from a human-readable passphrase and, optionally, a random salt. The derived key feeds an authenticated cipher such as AES-GCM or ChaCha20-Poly1305, which combines the key, a unique non-repeating initialisation vector, and the message to generate cipher text plus an authentication tag. The tag enables tamper detection, while vector reuse prevention guards against pattern leakage, making the scheme suitable for secure but friction-free text exchange.

Key Derivation & Encryption Flow

Derive key k by hashing the concatenated password p and salt s with SHA-256, then truncating to the algorithm’s required length.
Combine k with a unique initialisation vector v to encrypt plaintext M, producing cipher text C and authentication tag T.
Export v ∥ C ∥ T in the chosen encoding so a recipient can reverse the sequence with the same parameters.

k = {SHA}_{256} (p ∥ s)

C, T = Cipher (M, k, v)

Supported Cipher Suites

Algorithm	Key Size	IV / Nonce
AES-GCM-128	16 bytes	12 bytes
AES-GCM-256	32 bytes	12 bytes
ChaCha20-Poly1305	32 bytes	12 bytes
XChaCha20-Poly1305	32 bytes	24 bytes
AES-ECB	32 bytes	Not used
Triple DES-ECB	24 bytes	Not used
Rabbit / RC4 family	Variable	Not used

Authenticated modes provide built-in integrity; non-authenticated stream and block modes omit tamper detection and are suitable only for legacy compatibility.

Key Parameters

Plaintext / Ciphertext – the data being processed.
Password – secret phrase for key derivation.
Salt – optional random value strengthening the password-to-key step.
IV / Nonce – unique per message number preventing pattern reuse.
Encoding – Hexadecimal or Base-64 representation of the binary payload.

Example (AES-GCM-256, “Hello, world!”):

k = {SHA}_{256} (“Sample password”)

C, T = AES-GCM-256 (“Hello, world!”, k, v)

Final output: v∥C∥T encoded as Base-64.

Assumptions & Limitations

Derivation uses a single SHA-256 pass rather than a memory-hard function.
Key strength depends entirely on password entropy.
Reusing an IV with the same key compromises confidentiality.
ECB modes lack authenticity and semantic security.

Edge Cases & Error Sources

Empty password produces predictable keys.
Incorrect encoding selection during decryption yields garbled output.
Clipboard blockers in some browsers prevent copying of long results.
Older devices without modern crypto primitives cannot process GCM or ChaCha algorithms.

References

AES-GCM mode: NIST SP 800-38D; ChaCha20-Poly1305: RFC 8439; SHA-256: FIPS 180-4; PKCS #7 padding specification for legacy block ciphers.

All operations run locally; the process handles no personally identifiable information under GDPR or HIPAA definitions.

Step-by-Step Guide:

Follow these steps to protect or reveal text using your chosen cipher suite.

Enter or paste the message you wish to transform.
Select a cipher suite that meets your security requirements.
Provide a strong password mandatory.
Expand advanced controls to review or generate salt and vector values.
Choose encryption or decryption mode and pick an output format.
Copy the resulting text and share it along with any required parameters.

FAQ:

Is my data stored?

No. Processing occurs entirely within your browser tab, and nothing is transmitted to any server.

Which cipher is safest?

AES-GCM-256 and XChaCha20-Poly1305 provide modern, authenticated encryption; choose one of these unless legacy compatibility is required.

Can I recover a lost password?

No. The algorithms are designed to resist brute-force guessing; forgotten passwords render the data permanently unreadable.

Why include salt?

A salt forces unique key derivation for identical passwords, thwarting pre-computed dictionary attacks.

Does IV size matter?

Yes. AES-GCM requires a 12-byte vector; ChaCha20 uses 12 or 24 bytes. Reusing or truncating vectors defeats the cipher’s security guarantees.

Glossary:

Cipher Text: Unreadable output produced by an encryption algorithm.
Initialisation Vector: Nonce that seeds the cipher to ensure unique output.
Salt: Random bytes added to a password before hashing.
SHA-256: 256-bit cryptographic hash used for key derivation.
Authenticated Encryption: Mode that encrypts data and checks integrity in one step.

Text Encryptor & Decryptor

Introduction: