Online Security & Cryptography Tools
Free browser-based cryptography tools for developers and security professionals. AES symmetric encryption, RSA asymmetric encryption and signing, and ECDSA elliptic curve signing — all powered by the Web Crypto API. Your keys and data never leave your device.
AES — Symmetric Encryption
Same key encrypts and decrypts. Fast, works on any data size. Standard for bulk encryption.
Encrypt text with AES-GCM, AES-CBC, or AES-CTR using a 128/192/256-bit key.
When to use: Encrypt data with a shared secret key.
Decrypt AES ciphertext. Supports combined (IV+ciphertext) or separate IV input.
When to use: Recover plaintext from AES-encrypted data.
RSA — Asymmetric Encryption & Signing
Public key encrypts / verifies; private key decrypts / signs. No shared secret needed. Limited data size.
Generate 2048 or 4096-bit RSA key pairs for encryption or signing.
When to use: Start here — generate keys for the other RSA tools.
Encrypt a message with an RSA public key using RSA-OAEP.
When to use: Send a secret to someone — they decrypt with their private key.
Decrypt RSA-OAEP ciphertext with your private key.
When to use: You received encrypted data — paste your private key to read it.
Sign a message with your RSA private key (PKCS#1 v1.5 or RSA-PSS).
When to use: Prove a message came from you and has not been altered.
Verify an RSA digital signature using the signer's public key.
When to use: Confirm a message is authentic and unmodified.
ECDSA — Elliptic Curve Signing
Compact keys and signatures with high security. Used in TLS 1.3, JWT (ES256), and blockchain.
Generate P-256, P-384, or P-521 ECDSA key pairs. Smaller and faster than RSA.
When to use: Start here — generate keys for ECDSA Sign and Verify.
Sign a message with an ECDSA private key. Produces compact signatures (64 bytes for P-256).
When to use: Sign data with elliptic curve cryptography — used in JWT ES256.
Verify an ECDSA signature using the signer's public key.
When to use: Confirm an ECDSA-signed message is authentic.
Algorithm Comparison
| Algorithm | Type | Encrypt | Sign | Key size | Best for |
|---|---|---|---|---|---|
| AES-256-GCM | Symmetric | ✅ | — | 256 bits | Fast bulk encryption |
| RSA-2048 | Asymmetric | ✅ | ✅ | 2048 bits | Key exchange, legacy PKI |
| ECDSA P-256 | Asymmetric | — | ✅ | 256 bits | TLS 1.3, JWT, compact sigs |
Common Workflows
Encrypt & Decrypt a Secret (AES)
- Generate a random key in AES Encrypt, encrypt the message
- Share the key via a secure channel (or use RSA to send the AES key)
- Recipient decrypts with AES Decrypt using the same key and mode
Encrypt for a Recipient (RSA)
- Recipient generates keys at RSA Key Generator (Encryption purpose), shares public key
- Sender encrypts at RSA Encrypt using the public key
- Recipient decrypts at RSA Decrypt using their private key
Sign & Verify a Message (ECDSA / RSA)
- Generate signing key pair at ECDSA Key Generator or RSA Key Generator
- Sign the message at ECDSA Sign or RSA Sign
- Anyone verifies authenticity at ECDSA Verify or RSA Verify using your public key
Security Notes
- All processing runs in your browser — no data is sent to any server
- Use AES-256-GCM for symmetric encryption (authenticated + fast)
- Use RSA-2048 minimum; 4096-bit for long-lived keys
- Use ECDSA P-256 for compact, modern signatures (JWT, TLS)
- RSA encrypts small payloads only (~190 bytes for 2048-bit); use hybrid encryption for larger data