Security

Text Encrypt / Decrypt

Protect a message with a passphrase using AES-256-GCM (authenticated encryption) and PBKDF2 key stretching in the Web Crypto API. Each encryption uses a random salt and IV; ciphertext is prefixed with dxp1: for a clear format. Nothing is uploaded to DroidXP — processing stays in your browser, like our APK Analyzer and APK String Extractor.

Ad placement — top banner

PBKDF2-SHA-256 with 250,000 iterations derives the AES key. If you lose the passphrase, ciphertext cannot be recovered.

Ad placement — mid rectangle

What this tool does

It encrypts UTF-8 text with AES-256-GCM, which provides both confidentiality and authenticity (tampering is detected on decrypt). A random 16-byte salt and 12-byte IV are generated per encryption. Your passphrase is stretched with PBKDF2 (SHA-256, 250,000 iterations) before deriving the AES key — this slows brute-force guessing compared to using the passphrase directly.

Format: dxp1:

The ciphertext string is dxp1: followed by Base64 encoding of salt ∥ IV ∥ ciphertext (including GCM authentication tag). Only data produced by this page with that prefix is accepted for decrypt — other tools use different layouts unless you reimplement the same parameters.

Privacy

Plaintext, passphrase, and ciphertext stay in your browser tab. DroidXP does not receive them. No third-party crypto libraries are loaded — only the browser’s built-in Web Crypto implementation is used.

How to use this tool

  1. Step 1: Enter a strong passphrase and type or paste your message in Plain text.
  2. Step 2: Click Encrypt — ciphertext appears on the right. Copy or store it; keep the passphrase separate.
  3. Step 3: To read again, paste the ciphertext (including dxp1:), enter the same passphrase, and click Decrypt.

Frequently Asked Questions

Does DroidXP upload my message or passphrase?

No. Encryption and decryption run entirely in your browser using Web Crypto. Nothing is sent to DroidXP servers for this tool.

What algorithms and parameters does this use?

AES-256-GCM for encryption, PBKDF2 with SHA-256 and 250,000 iterations for key derivation, a 16-byte random salt, and a 12-byte random IV per encryption.

Why does Encrypt take a moment?

PBKDF2 intentionally performs many hash iterations so guessing weak passphrases is slower. On low-end devices this can take a few seconds — that is expected.

Can I decrypt without the passphrase?

No. If you lose the passphrase, the ciphertext cannot be recovered. We do not store keys or offer recovery.

Is this compatible with OpenSSL or GPG?

Not directly. Those tools use different file formats, options, and often different KDFs. This page is for self-contained browser use with the dxp1: format only.

Does Web Crypto work on HTTP?

crypto.subtle is restricted to secure contexts (HTTPS or localhost). On plain HTTP, encryption may fail — use HTTPS or test locally.

Is this appropriate for production or regulated data?

This is a general-purpose browser helper, not a certified product. For regulated, high-value, or long-term secrets, follow your organization’s policies and use reviewed, audited tooling.

What if decryption says “wrong passphrase”?

The passphrase may be mistyped, the ciphertext truncated or edited, or the data may not have been produced by this tool. GCM verification fails on any bit flip.

Should I use the same passphrase as my login password?

Prefer a unique strong passphrase for encrypted notes, stored separately from website passwords. A password manager can help generate and store it.

Is the clipboard safe?

Clipboard contents may be visible to other apps or history tools. Clear fields after use on shared machines, especially for passphrase and plaintext.

How is this different from the Hash Generator?

The Hash Generator produces one-way fingerprints. This tool is reversible with the passphrase — use it when you need confidentiality, not just a checksum.

Ad placement — sidebar 300×600