Text Encrypt & Decrypt
AES-256-GCM · Password-protected · 100% browser-side
Encryption runs entirely in your browser using the Web Cryptography API. Your text and password never leave your device.
What Is This Tool?
The Nutilz Text Encrypt & Decrypt tool lets you scramble any text into an unreadable ciphertext using AES-256-GCM, the same encryption algorithm used in HTTPS, VPNs, and encrypted messaging apps. To unlock it, someone needs the exact password you used. Without that password, the ciphertext is indistinguishable from random noise.
Everything runs directly in your browser via the Web Cryptography API. No text is ever uploaded to a server, no keys are ever stored, and nothing is logged. Even if you encrypt a secret note and share the ciphertext publicly, it remains unreadable to anyone who does not know the password.
How to Encrypt Text
1. Select the Encrypt mode (it is selected by default).
2. Type or paste the text you want to protect into the input area. It can be a note, a secret message, API keys, or any string of text.
3. Enter a password. Use at least 12 characters mixing letters, numbers, and symbols. The stronger the password, the harder a brute-force attack becomes.
4. Click Encrypt Text. The output box shows a Base64 string: your ciphertext. This is safe to share publicly, send by email, or store in a plain text file.
5. Click Copy to copy the ciphertext to your clipboard. Store your password somewhere secure; without it, the data is permanently unrecoverable.
How to Decrypt Text
1. Switch to Decrypt mode using the toggle at the top.
2. Paste the Base64 ciphertext you received or previously encrypted. Do not modify any characters; even a single changed character makes decryption fail.
3. Enter the original password used to encrypt the text.
4. Click Decrypt Text. If the password matches, the original plaintext appears in the output box.
What Is AES-256-GCM and Why Does It Matter?
AES (Advanced Encryption Standard) is the symmetric encryption algorithm chosen by the U.S. National Institute of Standards and Technology (NIST) in 2001 after a years-long international competition. It has been adopted globally by governments, militaries, and technology companies as the default encryption standard.
The 256 refers to the key length in bits. A 256-bit key has 2^256 possible values, approximately 1.16 × 10^77. To put that in perspective, if every atom in the observable universe were a computer running a trillion key guesses per second since the Big Bang, it would still have tested an insignificant fraction of all possible keys. AES-256 is considered computationally secure against all known attacks, including quantum computers using Grover's algorithm (which reduces effective security to 128 bits, still secure).
GCM (Galois/Counter Mode) is the mode of operation. It provides authenticated encryption: the cipher not only scrambles your data but also computes an authentication tag that verifies the ciphertext has not been tampered with. If someone flips even a single bit in the ciphertext, decryption fails with an authentication error, so the tampering is detected. This makes AES-GCM far superior to older modes like AES-CBC, which encrypt but do not authenticate.
How PBKDF2 Protects Your Password
AES requires a cryptographic key, not a human-readable password. Directly using your password as the key would be insecure: most passwords are far shorter and less random than a 256-bit key. This tool uses PBKDF2 (Password-Based Key Derivation Function 2) to transform your password into a secure 256-bit key.
PBKDF2 applies a cryptographic hash function (SHA-256) to your password combined with a random salt, repeating that process 100,000 times. This makes the key derivation intentionally slow: each guess in a brute-force attack must run 100,000 SHA-256 computations. An attacker trying one million passwords per second would need billions of years to exhaust a 12-character alphanumeric password space.
The random salt (a 16-byte random value generated fresh for every encryption) means that encrypting the same text with the same password produces a different ciphertext each time. This prevents rainbow table attacks and ensures two identical plaintexts yield unrelated ciphertexts. The salt is embedded in the output so decryption can recover it automatically; you do not need to store or transmit it separately.
Practical Use Cases for Text Encryption
- Sending secrets over insecure channels. Email, SMS, and most chat apps are not end-to-end encrypted. You can encrypt a secret (API key, account password, personal note) with a shared password, send the ciphertext over any channel, and communicate the password through a different channel. Even if the ciphertext is intercepted, it is useless without the password.
- Storing sensitive notes in plain-text files. If you keep notes in Notion, Obsidian, or plain .txt files that sync to the cloud, you might not want certain entries (like recovery codes, seed phrases, or medical information) readable by the cloud provider. Encrypt those entries and only store the ciphertext.
- Sharing API keys and credentials with a team. Instead of sending API keys in Slack where they remain in message history, encrypt the key with a password shared via a separate channel (phone call, in-person). Paste the ciphertext in Slack. Team members paste it here and decrypt with the shared password.
- CTF (Capture the Flag) competitions. Text encryption is a common challenge category. This tool lets you experiment with AES-GCM encryption and verify expected outputs when building or solving CTF challenges.
- Educational exploration. If you are learning cryptography, this tool lets you observe how the same plaintext produces different ciphertexts with different passwords (or even the same password, due to the random IV), reinforcing core concepts like semantic security and randomized encryption.
Encryption vs. Encoding vs. Hashing
These three terms are frequently confused, but they serve completely different purposes.
Encoding (e.g. Base64, URL encoding)
Converts data to a format suitable for storage or transmission. Provides zero security: anyone can decode it instantly without any key. Base64 is not encryption; it is just a different way of representing the same data.
Encryption (e.g. AES-256-GCM, which this tool uses)
Transforms data using a secret key into an unreadable form. Fully reversible, but only with the correct key. The correct approach for confidential data that needs to be recovered later.
Hashing (e.g. SHA-256, bcrypt)
A one-way transformation: the original data cannot be recovered from the hash. Used to verify integrity (file checksums) or store passwords in databases, where you only need to verify a match, never recover the original value.
Note: this tool outputs the ciphertext as Base64 for convenience; that is the encoding layer on top of the encryption. The Base64 string is not the secret; the AES encryption underneath it is.
What Makes a Strong Encryption Password?
Because PBKDF2 derives the key from your password, the security of the encryption is bounded by the strength of your password. A short or predictable password is the weakest link. Here is what to aim for:
- Length over complexity. A 20-character passphrase of random words is more secure than an 8-character string of symbols. Longer passwords exponentially expand the search space for an attacker.
- Avoid dictionary words and patterns. "password123", "qwerty", names, dates, and keyboard patterns are tried first in any dictionary attack.
- Use a password manager. Let a password manager generate and store a 20+ character random password for each sensitive message you encrypt. You only need to remember one master password.
- Never reuse passwords across encrypted messages. If one password is compromised, only that message is exposed, not everything you ever encrypted.
Common Mistakes to Avoid
- Sending the ciphertext and password in the same message. If both are intercepted, encryption provides no protection. Communicate the password through a different channel.
- Modifying the ciphertext. AES-GCM will reject any ciphertext that has been altered, even by a single character. Do not manually edit or reformat the Base64 output.
- Losing the password. There is no reset or recovery. If you encrypt something you will need later, store the password securely before closing the tab.
- Assuming encryption hides metadata. Encryption protects the content of a message, but not the fact that you sent it, its length, or who you sent it to. For complete anonymity, additional measures are required.
Frequently Asked Questions
Is it safe to encrypt sensitive data with this tool?
What encryption algorithm does this tool use?
Can I decrypt the text on a different device or browser?
What happens if I forget my password?
How is encryption different from encoding like Base64?
Can other AES tools decrypt text encrypted here?