ZestCalc

Encrypt / Decrypt Text

Encrypt or decrypt text with AES-256-GCM directly in your browser. No data leaves your device.

Enter your text and password, then press Encrypt or Decrypt.

OpenSSL Command Reference (AES-256-CBC)

You can also encrypt and decrypt text from the command line using OpenSSL. The commands below use AES-256-CBC with PBKDF2 key derivation (100,000 iterations, SHA-256).

Replace YOUR_TEXT with the text you want to encrypt and YOUR_PASSWORD with your chosen password. To decrypt, replace ENCRYPTED_BASE64 with the Base64 output from the encrypt command.

Encrypt

printf '%s' 'YOUR_TEXT' | openssl enc -aes-256-cbc -pbkdf2 -iter 100000 -pass pass:'YOUR_PASSWORD' -a

Decrypt

echo 'ENCRYPTED_BASE64' | openssl enc -d -aes-256-cbc -pbkdf2 -iter 100000 -pass pass:'YOUR_PASSWORD' -a

Why are the results different?

The web tool above uses AES-256-GCM (authenticated encryption), while the OpenSSL commands use AES-256-CBC — because openssl enc does not support GCM mode. These two algorithms produce completely different output formats, so you cannot decrypt OpenSSL output with this web tool or vice versa. However, both approaches derive the encryption key using PBKDF2 with the same parameters (SHA-256, 100,000 iterations).

How to use this tool

Type or paste the text you want to protect into the Plaintext field, choose a strong password, and press Encrypt. The tool returns a base64-encoded string that contains everything needed for decryption — salt, IV, authentication tag, and ciphertext — packed into one block.

To reverse the process, switch to Decrypt mode, paste the base64 string, enter the same password, and press Decrypt. If the password is correct and the data has not been tampered with, the original plaintext appears instantly.

How strong is AES-256-GCM?

If the password is not lost, it is extraordinarily difficult to recover the plaintext without it — even with very powerful computers. AES-256 has a key space of $2^{256}$, which means a brute-force search is far beyond the capability of any current or foreseeable technology. Combined with PBKDF2 key stretching (100,000 iterations), casual password guessing is also impractical.

That said, a weak or reused password reduces this advantage. Always choose a strong, unique passphrase.

What is symmetric encryption?

Symmetric encryption uses the same key (derived from your password) for both encryption and decryption. Unlike asymmetric encryption — which involves a public/private key pair — symmetric schemes are simple and fast, making them ideal for encrypting data at rest or in transit when both parties share a secret.

Why AES-256-GCM?

  • Authenticated encryption: GCM (Galois/Counter Mode) provides both confidentiality and integrity in a single operation. If even one bit of the ciphertext is altered, decryption fails with an authentication error rather than producing garbled output.
  • Widely trusted: AES-256 is the encryption standard used by governments, financial institutions, and security-critical software worldwide.
  • Industry standard: It is the default cipher suite in TLS 1.3, recommended by NIST, and supported natively by every major platform through the Web Crypto API.

Because this tool uses a single fixed algorithm, you never need to worry about algorithm mismatch between encrypting and decrypting.

How the encrypt / decrypt process works

  1. Key derivation (PBKDF2) — Your password is not used directly as the encryption key. Instead, it is fed into PBKDF2 together with a random 16-byte salt and run through 100,000 iterations of SHA-256. The output is a 256-bit key, and the iteration count makes every password guess computationally expensive for anyone trying to recover the key by guessing.
  2. Encryption — A random 12-byte IV (initialization vector) is generated. AES-256-GCM then encrypts the plaintext using the derived key and IV, producing the ciphertext and a 16-byte authentication tag that will be checked during decryption.
  3. Packing — The salt, IV, authentication tag, and ciphertext are concatenated in that order and encoded as a single base64 string. This means the recipient only needs the password — everything else is embedded in the output.
  4. Decryption — The base64 string is decoded and split back into salt, IV, tag, and ciphertext. PBKDF2 re-derives the same key from the password and salt, and AES-256-GCM decrypts the data. If the tag does not verify, the operation fails immediately — this protects against both wrong passwords and tampered ciphertext.
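
The four steps above, written against the Web Crypto API as an added example (not this tool's own source code). The function names are assumptions; the byte layout and PBKDF2 parameters are the ones stated on this page. Web Crypto appends the tag to the ciphertext, so the code moves it to match the packed order.

```javascript
// Added example. Layout from the page: salt(16) | IV(12) | tag(16) | ciphertext.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const SALT = 16, IV = 12, TAG = 16, ITER = 100000;
const enc = new TextEncoder();
const toB64 = (u8) => btoa(Array.from(u8, (b) => String.fromCharCode(b)).join(''));
const fromB64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));

// Step 1: PBKDF2-HMAC-SHA-256 over password + salt gives a 256-bit AES-GCM key.
async function deriveKey(password, salt) {
  const base = await wc.subtle.importKey(
    'raw', enc.encode(password), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations: ITER },
    base, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Steps 2-3: fresh salt and IV per message, encrypt, pack, base64-encode.
async function encryptText(plaintext, password) {
  const salt = wc.getRandomValues(new Uint8Array(SALT));
  const iv = wc.getRandomValues(new Uint8Array(IV));
  const key = await deriveKey(password, salt);
  // Web Crypto returns ciphertext || tag, so the tag is the last 16 bytes.
  const out = new Uint8Array(await wc.subtle.encrypt(
    { name: 'AES-GCM', iv, tagLength: TAG * 8 }, key, enc.encode(plaintext)));
  const split = out.length - TAG;
  const packed = new Uint8Array(SALT + IV + out.length);
  packed.set(salt, 0);
  packed.set(iv, SALT);
  packed.set(out.subarray(split), SALT + IV);          // tag moves in front
  packed.set(out.subarray(0, split), SALT + IV + TAG); // ciphertext goes last
  return toB64(packed);
}

// Step 4: unpack, re-derive the key, then decrypt; a bad tag rejects the promise.
async function decryptText(b64, password) {
  const blob = fromB64(b64);
  if (blob.length < SALT + IV + TAG) throw new Error('blob shorter than header');
  const salt = blob.subarray(0, SALT);
  const iv = blob.subarray(SALT, SALT + IV);
  const tag = blob.subarray(SALT + IV, SALT + IV + TAG);
  const ct = blob.subarray(SALT + IV + TAG);
  const joined = new Uint8Array(ct.length + TAG);      // back to ciphertext || tag
  joined.set(ct, 0);
  joined.set(tag, ct.length);
  const key = await deriveKey(password, salt);
  const pt = await wc.subtle.decrypt(
    { name: 'AES-GCM', iv, tagLength: TAG * 8 }, key, joined);
  return new TextDecoder().decode(pt);
}
```

A wrong password and a modified blob fail the same way: the decrypt promise rejects and no plaintext is returned.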

Privacy note

All processing happens entirely in your browser. No plaintext, password, or ciphertext is ever sent to a server. You can verify this by opening your browser's network inspector — there are zero outgoing requests during encryption or decryption.

For reference, the result area shows OpenSSL commands that perform AES-256-CBC encryption with the same password and iteration count. These commands are provided so you can explore local command-line encryption, but their output cannot be decrypted by this tool, and vice versa. There are two reasons the outputs are incompatible:

  1. Different cipher mode — This tool uses AES-256-GCM (authenticated encryption). The openssl enc tool does not support GCM mode, so the commands fall back to AES-256-CBC, which offers no built-in authentication tag.
  2. Different binary format — This tool packs output as salt (16 bytes) + IV (12 bytes) + auth tag (16 bytes) + ciphertext, all base64-encoded. OpenSSL uses its own Salted__ header format with an 8-byte salt and no authentication tag.

Because of these differences, any ciphertext produced here can only be decrypted here, and any ciphertext produced by those OpenSSL commands can only be decrypted by a matching openssl enc -d call.
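
To see the two layouts side by side, the added example below (not part of this tool) splits a base64 blob into its fields. The describeBlob function, its format labels and the sample value are assumptions made for illustration; the field sizes are the ones given above.

```javascript
// Added example: describeBlob() and its format labels are illustrative assumptions.
const fromB64 = (s) => Uint8Array.from(atob(s.replace(/\s+/g, '')), (c) => c.charCodeAt(0));
const hex = (u8) => Array.from(u8, (b) => b.toString(16).padStart(2, '0')).join('');

// Constructed sample: "Salted__" + salt 01..08 + one zeroed 16-byte block.
const SAMPLE_OPENSSL = btoa('Salted__' + '\x01\x02\x03\x04\x05\x06\x07\x08' + '\x00'.repeat(16));

function describeBlob(b64) {
  const blob = fromB64(b64);
  const magic = String.fromCharCode(...blob.subarray(0, 8));
  if (magic === 'Salted__' && blob.length >= 16) {
    // openssl enc: "Salted__" | salt(8) | padded CBC ciphertext. No tag, and
    // no stored IV: openssl derives the IV together with the key.
    const body = blob.length - 16;
    return {
      format: 'openssl-enc',
      salt: hex(blob.subarray(8, 16)),
      ciphertextBytes: body,
      wholeBlocks: body > 0 && body % 16 === 0, // CBC output is a multiple of 16
      hasAuthTag: false,
    };
  }
  if (blob.length >= 44) {
    // This tool: salt(16) | IV(12) | tag(16) | ciphertext. There is no magic
    // header, so a minimum-length check is the only structural test available.
    return {
      format: 'gcm-packed-candidate',
      salt: hex(blob.subarray(0, 16)),
      iv: hex(blob.subarray(16, 28)),
      tag: hex(blob.subarray(28, 44)),
      ciphertextBytes: blob.length - 44,
      hasAuthTag: true,
    };
  }
  return { format: 'unknown', ciphertextBytes: 0, hasAuthTag: false };
}
```

Because every openssl enc blob begins with the bytes Salted__, its base64 form always starts with U2FsdGVkX1, which is a quick way to tell the two outputs apart before attempting decryption.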