Encrypt & decrypt
ClientEncrypt, decrypt, hash, or convert UTF-8 ↔ Base64 with common ciphers. Use the center column for passphrase (when applicable) and the buttons to move data between panels—same flow as a classic three-column crypto UI.
Using this page
Choose a tab for the operation (cipher, hash, Base64). Paste or type in the input panel, set keys or passphrases only when the algorithm needs them, then run the action. Output stays in your tab—clear fields when you finish on a shared machine.
For JWT header and payload inspection (not signature verification), use JWT decode. For URL-safe Base64 and percent-encoding, use the Encoding workspace. For digests on whole files, use file checksum or hex encode/decode for raw byte views.
Workspace
Pick a cipher or digest. Symmetric modes use the passphrase in the center; MD5 and Hash are one-way.
?
Uses crypto-js in your tab. No requests to our servers. Passphrase is optional but empty secrets are weak—use only for testing.
MD5 is legacy; prefer SHA-256 for integrity checks.
Passphrase
Optional; empty uses an empty secret (weak).
Nearby workflows on Toolcore
- JWT decode — to inspect header and payload bytes—not verify signatures here.
- Bcrypt hash & verify — when you need a slow password digest instead of a fast SHA tab.
- HMAC generator — for keyed digests when both parties share a secret.
- File checksum — for whole-file SHA-256 or friends instead of short pasted text.
Common use cases
- Test symmetric cipher output quickly before wiring encryption into app code.
- Generate hash digests for quick checksum checks in development workflows.
- Convert text between UTF-8 and Base64 when debugging token payload pipelines.
- Reproduce HMAC or digest samples from API docs when you need to match their normalization (line endings, charset).
Common mistakes to avoid
Treating weak hashes as secure password storage
Fast hashes like MD5 or SHA-1 are not suitable for password storage. Use dedicated password hashing in backend systems.
Losing track of cipher mode and key assumptions
Cipher results depend on algorithm details and key material; make sure both sides use matching settings.
Using the same secret everywhere
Reuse increases blast radius. Isolate secrets by environment and rotate when exposure is suspected.
FAQ
Is this tool suitable for production-grade key management?
No. It is primarily for utility and debugging workflows. Production systems need managed key lifecycles and server-side controls.
Can I compare hashes from other systems here?
Yes. Use the hash tab to reproduce digest values and check whether your input normalization matches the source system.
Does encryption run in my browser?
Yes. This workspace performs supported crypto operations locally in your browser tab.
Should I paste real production keys or passphrases here?
Avoid production secrets in any browser tool. Prefer throwaway keys for experiments, and rotate anything that was ever pasted into an untrusted or shared device.
Common search terms
Phrases people search for that match this tool. See the full long-tail keyword index.
- encrypt and decrypt online
- aes encryption in browser
- md5 sha256 hash online
- no upload encryption tool
More tools
Related utilities you can open in another tab—mostly client-side.
HMAC (SHA-256 & more)
ClientHMAC-SHA-256/384/512/1 in the browser—hex or Base64 for webhooks, signing, and API docs.
File checksum & hash
ClientSHA-256, SHA-512, MD5, CRC-32, and more for a local file—verify downloads without uploading.
Bcrypt hash & verify
Clientbcrypt password digests with adjustable cost (bcryptjs)—hash or verify $2a/$2b strings locally.
CRC-32 & CRC-32C
ClientIEEE CRC-32 and Castagnoli CRC32C on UTF-8 text or raw hex bytes—ZIP/PNG family vs iSCSI/protobuf; local only, complements file checksum for whole-file digests.