How AES-256-GCM Encryption Works
AES-256-GCM is an authenticated encryption algorithm that provides both confidentiality and integrity protection in a single operation. AES (Advanced Encryption Standard) with a 256-bit key is the strongest variant of AES, approved by NIST for top-secret government data. GCM (Galois/Counter Mode) combines the counter mode of encryption with Galois field multiplication for authentication, producing both ciphertext and an authentication tag that detects any tampering.
This tool derives the AES-256 key from your password using PBKDF2 (Password-Based Key Derivation Function 2) with 100,000 iterations of SHA-256. Each encryption generates a random 16-byte salt for key derivation and a random 12-byte initialization vector (IV) for AES-GCM. These random values ensure that encrypting the same text with the same password produces completely different output each time, preventing pattern analysis attacks.
The Encryption Pipeline
When you encrypt text, the following steps occur entirely in your browser. First, a random 16-byte salt is generated using crypto.getRandomValues(). Second, your password and the salt are fed into PBKDF2 with 100,000 iterations of SHA-256 to derive a 256-bit encryption key. Third, a random 12-byte IV is generated. Fourth, the text is encrypted using AES-256-GCM with the derived key and IV, producing ciphertext and a 16-byte authentication tag. Finally, the salt, IV, ciphertext, and tag are combined and Base64-encoded for easy copying and sharing.
Why PBKDF2 Is Essential
Human-chosen passwords have far less entropy than the 256 bits needed for AES-256. A typical strong password might have 40-60 bits of entropy. PBKDF2 addresses this by making each password guess computationally expensive. With 100,000 iterations, every guess costs the attacker 100,000 rounds of SHA-256-based hashing instead of one, so an attacker whose GPU cluster could otherwise try 1 billion passwords per second is slowed by roughly that factor. The random salt prevents precomputed rainbow table attacks and ensures that two users with the same password produce different encryption keys.
GCM Mode Authentication
The GCM authentication tag is a 16-byte value that acts as a cryptographic checksum of the ciphertext. If an attacker modifies even a single bit of the encrypted data, the authentication tag will not match during decryption, and the operation will fail with an error. This prevents chosen-ciphertext attacks where an attacker manipulates encrypted data to learn information about the plaintext. In this tool, a failed authentication check results in the message "Decryption failed: wrong password or corrupted data."
Security Considerations
The security of this encryption depends entirely on your password strength. Use a long, unique password with mixed character types. The tool itself uses industry-standard algorithms and parameters. All processing uses the browser's built-in Web Crypto API (SubtleCrypto), which is implemented in native code and resistant to timing attacks. Your data, password, and encryption keys exist only in browser memory and are never transmitted over the network.
Frequently Asked Questions
What encryption algorithm does this tool use?
AES-256-GCM with PBKDF2 key derivation (100,000 iterations of SHA-256). AES-256 is the strongest AES variant, and GCM provides both encryption and tamper detection.
Is my data sent to any server?
No. All operations use the browser's Web Crypto API. Your text, password, and results never leave your device. You can verify by using the tool offline.
What is PBKDF2?
PBKDF2 converts a password into a cryptographic key using 100,000 rounds of SHA-256 with a random salt. This makes brute-force attacks against weak passwords much more expensive.
What does the encrypted output contain?
The output is Base64-encoded and contains the salt (for key derivation), IV (for AES-GCM), ciphertext (encrypted data), and authentication tag (tamper detection). All four are needed for decryption.
Can I decrypt with other tools?
Yes, if they implement PBKDF2-SHA256 (100K iterations, 16-byte salt) followed by AES-256-GCM (12-byte IV, 16-byte tag). The format is Base64(Base64(salt):Base64(iv):Base64(ciphertext):Base64(tag)).
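An independent implementation of the parameters and output format listed above, using the Web Crypto API the page names. This is an added example, not the tool's own source; the function names and the UTF-8 encoding of the password and text are assumptions.

```javascript
// Added example, not the tool's source. Assumes UTF-8 for password and text.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto; // Node fallback
const b64 = (u8) => btoa(Array.from(u8, (b) => String.fromCharCode(b)).join(''));
const unb64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));
const FAIL = 'Decryption failed: wrong password or corrupted data.';

// PBKDF2-SHA256, 100,000 iterations, 16-byte salt -> 256-bit AES-GCM key
async function deriveKey(password, salt) {
  const material = await wc.subtle.importKey(
    'raw', new TextEncoder().encode(password), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', salt, iterations: 100000, hash: 'SHA-256' },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

async function encryptText(text, password) {
  const salt = wc.getRandomValues(new Uint8Array(16)); // fresh per message
  const iv = wc.getRandomValues(new Uint8Array(12));   // never reuse with the same key
  const key = await deriveKey(password, salt);
  const out = new Uint8Array(await wc.subtle.encrypt(
    { name: 'AES-GCM', iv, tagLength: 128 }, key, new TextEncoder().encode(text)));
  // Web Crypto returns ciphertext || tag; the page's format stores them separately.
  const ct = out.slice(0, -16), tag = out.slice(-16);
  return btoa([salt, iv, ct, tag].map(b64).join(':'));
}

async function decryptText(blob, password) {
  try {
    const parts = atob(blob).split(':').map(unb64);
    if (parts.length !== 4) throw new Error('field count');
    const [salt, iv, ct, tag] = parts;
    // Reject wrong-sized fields before doing any key derivation.
    if (salt.length !== 16 || iv.length !== 12 || tag.length !== 16) throw new Error('field size');
    const joined = new Uint8Array(ct.length + tag.length); // rebuild ciphertext || tag
    joined.set(ct);
    joined.set(tag, ct.length);
    const key = await deriveKey(password, salt);
    const pt = await wc.subtle.decrypt({ name: 'AES-GCM', iv, tagLength: 128 }, key, joined);
    return new TextDecoder('utf-8', { fatal: true }).decode(pt);
  } catch {
    // One generic error for every failure, so callers learn nothing about the cause.
    throw new Error(FAIL);
  }
}
```

Any change to the salt, IV, ciphertext or tag, and any wrong password, ends in the same generic error, because the GCM tag check fails before plaintext is released.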