Caesar cipher shifts each letter by a fixed number of positions in the alphabet. The same shift is used for both encryption and decryption (just use the inverse). Non-letter characters are preserved unchanged.
Shift (1–25)
13
Mode
Input Text
Result Encrypted
Vigenere cipher uses a keyword to apply a different Caesar shift to each character. The keyword repeats to match the input length. Only letters A–Z and a–z are shifted; everything else passes through unchanged.
Keyword
Mode
Input Text
Result Encrypted
XOR cipher applies a bitwise XOR between each character and the repeating key. Applying the same key twice restores the original — so Encrypt and Decrypt are identical operations. Output is Base64-encoded to stay readable.
Key (any text)
Mode
Input Text
Result Encrypted
AES-256-GCM via the browser's native Web Crypto API. A random 96-bit IV is generated per encryption; ciphertext is stored as iv:ciphertext in Base64. Decryption automatically extracts the IV. Your password never leaves the browser.
Password
Mode
Input Text
Processing…
Result Encrypted

How Each Cipher Works

Caesar Cipher

The Caesar cipher is one of the oldest encryption techniques. It shifts every letter in the plaintext forward (encrypt) or backward (decrypt) by a fixed number of positions in the 26-letter alphabet. A shift of 13 is the special case known as ROT13 — applying it twice returns the original text. Digits, spaces, and punctuation are left unchanged.

Strength: Very weak by modern standards — there are only 25 possible shifts and brute-forcing all of them takes seconds.

Vigenere Cipher

The Vigenere cipher improves on Caesar by using a keyword instead of a single fixed shift. Each letter of the keyword specifies the shift for the corresponding input letter. When the key is shorter than the input, it wraps around. This makes simple frequency analysis harder — but repeated key patterns can still be exploited by the Kasiski examination.

Strength: Historically considered strong; now easily broken with key-length analysis. Good for learning and puzzles, not for securing sensitive data.

XOR Cipher

XOR applies the bitwise exclusive-OR operation between each byte of the plaintext and the corresponding byte of a repeating key. Because XOR is its own inverse, the encrypt and decrypt operations are identical — just apply the key again. This tool outputs the result as Base64 for readability. A truly random key of the same length as the message (a one-time pad) is theoretically unbreakable, but a short repeating key is vulnerable to known-plaintext attacks.

Strength: Depends entirely on key length and randomness. Only use with long, random, non-repeating keys for serious security.

AES-256-GCM

AES (Advanced Encryption Standard) with a 256-bit key in GCM (Galois/Counter Mode) is the current industry standard for symmetric encryption. This tool derives the encryption key from your password using PBKDF2 with SHA-256 and 100,000 iterations over a random 16-byte salt — making brute-force dictionary attacks significantly harder. A random 96-bit IV (nonce) is generated for every encryption operation, so encrypting the same plaintext twice produces different ciphertext. The output encodes salt, IV, and ciphertext as Base64 separated by colons.

Strength: Very strong when used with a long, random password. The Web Crypto API runs in the browser’s native cryptographic layer — your password and plaintext never leave your device.

Privacy Notice

All operations run entirely in your browser. No text, keys, or passwords are transmitted to any server. AES-256-GCM uses the browser’s built-in Web Crypto API (SubtleCrypto). Caesar, Vigenere, and XOR are implemented in pure JavaScript.

Generate secure random passwords → Password Generator

Hash text with MD5, SHA-256, SHA-512 → Hash Generator

Encode and rotate text with ROT13 → ROT13 Encoder