HMAC Generator
Generate HMAC values from text and a secret key. Supports SHA-1, SHA-256, SHA-384, and SHA-512.
Encrypt and decrypt text with AES-GCM or AES-CBC using a passphrase. The salt and IV are generated automatically and embedded in the ciphertext, so decryption only needs the passphrase.
This free tool lets you encrypt and decrypt text with a passphrase, entirely inside your browser. It uses only the browser’s built-in Web Crypto API — no external libraries, and nothing is ever sent to a server.
Each time you encrypt, a fresh random salt and IV (initialization vector) are generated, and the encryption key is derived from your passphrase using PBKDF2 (100,000 SHA-256 iterations). The salt, IV, and algorithm used are embedded directly in the resulting Base64 ciphertext, so decrypting only requires the passphrase — nothing else to keep track of. Handy for quickly protecting a note or piece of text with a password before sharing it.
AES-GCM encrypts data while also authenticating it (detecting tampering), and is widely recommended as current best practice. AES-CBC is an older mode with no built-in tamper detection, so GCM is generally the safer choice on its own. Use AES-GCM unless you have a specific reason not to.
Decryption fails and an error is shown. With AES-GCM, the authentication tag check also catches corrupted or tampered ciphertext, not just a wrong passphrase.
No. This tool uses its own self-contained format — it bundles the salt, IV, and algorithm info into the ciphertext, and derives the key from your passphrase with its own PBKDF2 settings. Encryption and decryption are meant to be done with this same tool. For interop with another system, open "Show details" to get the salt, IV, and ciphertext in hex and implement matching logic on the other side.
No. All encryption and decryption happens entirely in your browser using the Web Crypto API — nothing is sent anywhere. The plaintext, ciphertext, and passphrase are also not saved to browser storage.