Cryptor (AES-256)
Client-side AES-256-GCM encryption of text in your browser with password protection and PBKDF2 — your starting point for the manual, examples, and tips.
Encrypt text without anything leaving your browser
Cryptor (AES-256) encrypts and decrypts text messages with a password — entirely inside your browser. You enter a password and some text, click Encrypt, and get back a Base64 block that only someone with the same password can turn readable again. To decrypt, you paste the block, supply the password, and click Decrypt.
The key point: neither your plaintext, nor your password, nor the ciphertext is ever sent to a server. The actual cryptography runs through the browser's Web Crypto API — locally, with no account and no installation. That makes Cryptor a good fit for anything you want to store safely or send over an insecure channel: a note, some credentials, a short confidential message. You exchange the password separately; the ciphertext can travel happily through an email or a chat.
The tool is built for anyone who needs to symmetrically encrypt a piece of text quickly, without reaching for desktop software or a command-line utility: developers who want to hand over a secret snippet safely; admins who need to stash a confidential note; and anyone who finds OpenPGP too heavyweight for the occasion.
What Cryptor does — at a glance
- Encrypt — turns your plaintext into a Base64 block of AES-256-GCM ciphertext.
- Decrypt — makes a ciphertext readable again with the correct password; automatically detects whether it's the modern or an older (legacy) format.
- Generate a password — one click on the key icon produces a long random password.
- File operations — Open loads a text file into the field, Save stores the current content as a file, Copy puts it on the clipboard, Clear wipes the field and the password.
- Drag and drop — drop a file onto the text area to load its content.
The crypto under the hood
Cryptor relies on modern, vetted methods throughout rather than home-grown cryptography:
- AES-256-GCM as the algorithm — an authenticated encryption. That means decryption checks not only the password but also whether the ciphertext is unchanged. Tampered or corrupted data is detected and rejected instead of yielding garbage.
- PBKDF2 with SHA-256 and 300,000 iterations derives the actual 256-bit key from your password. The high iteration count makes brute-forcing passwords expensive.
- Random salt and IV per encryption, drawn from the browser's cryptographically secure random generator. The same text with the same password therefore produces a different ciphertext every time.
Exactly how the output is laid out and which parameters apply in detail is covered in the manual.
Architecture: a tool that sends almost nothing to a server
Encryption and decryption happen 100% client-side — plaintext, password, and ciphertext stay in your browser. There is exactly one optional server interaction: when you click Generate secure password, the tool fetches a fresh random password from a small server endpoint. No data of yours is transmitted in the process — the response is just a string. If you type your own password, no server contact happens at all.
Because the Web Crypto API requires a secure context, Cryptor only runs over HTTPS (or locally via localhost). For security reasons the tool also keeps no history — it stores nothing between runs; a cleared or reloaded page really is empty.
Try it now
→ Open Cryptor (AES-256) — enter a password and some text, click Encrypt, done. No account, free, right in the browser. To decrypt, paste the same password and the ciphertext, then click Decrypt.
Related JPKCom tools
- Password & key generator — produce strong passwords and keys in various flavors to use as your Cryptor password.
- Hash generator — compute checksums and hashes, for instance to verify a file's integrity.
- PKI / certificates — for when you need asymmetric cryptography instead of a shared password.
There's more on the sub-pages: the manual with every crypto parameter and function, real-world examples, and collected tips & tricks.