AES-256 text encryption
Type text and a password to get back an unreadable, encrypted string — your contact pastes it in, enters the same password, and reads the text.
How this keeps text private
Your password never travels anywhere — a unique encryption key is derived from it locally (PBKDF2, 250,000 iterations) with a random salt, then AES-256-GCM encrypts the text with a random IV. Salt and IV are bundled into the output string so decryption only needs the password, not any extra values to keep track of.
How do I share the encrypted text safely?
Send the encrypted string over whatever channel you like (email, chat) — it's unreadable without the password. Share the password itself through a different channel (a phone call, in person), never alongside the encrypted text.
Is AES-256 actually secure?
Yes — AES-256 is the standard used by governments and banks. The weak point is almost always the password: a short or guessable one undermines everything else, so use a long, random one.
Is my text or password sent anywhere?
No — encryption and decryption run entirely in your browser using the Web Crypto API. Nothing is uploaded.
