Secure Note Encrypt & Decrypt
Encrypt notes with AES-256-GCM and a password. Share the ciphertext anywhere — only the right password can read it.
Frequently asked questions
- What encryption algorithm do you use?
- AES-256 in Galois/Counter Mode (GCM) — the same algorithm TLS, Signal and modern disk encryption use. The 16-byte authentication tag detects any tampering with the ciphertext.
- How is the key derived from my password?
- PBKDF2-HMAC-SHA-256 with 250,000 iterations and a fresh random 16-byte salt for every encryption. That's roughly half a second of work per password attempt on a modern CPU, making brute-force impractical for any password longer than a few words.
- Is my note or password sent anywhere?
- No. Encryption and decryption happen in your browser using the Web Crypto API. There is no upload and no logging.
- What does the encrypted blob contain?
- A single base64 string with three parts concatenated: 16-byte salt + 12-byte IV + ciphertext (which itself includes the GCM auth tag). Anyone with the blob and the password can decrypt; anyone without the password cannot.
- What happens if the password is wrong?
- Decryption fails with a generic 'Wrong password or corrupted data' error. We deliberately don't distinguish between the two cases so an attacker can't tell whether they got the password partially right.
- Can I share the encrypted blob over Signal or email?
- Yes. The blob is plain ASCII (URL-safe base64), so it survives any text channel. The recipient pastes it into the Decrypt tab and types the password you shared by another channel.
- Is this safe to use for legal or medical notes?
- AES-256-GCM with a strong password is genuinely state-of-the-art encryption. The realistic threats are weak passwords and key compromise — not the cipher itself. For long-term compliance work, consider an audited password manager.
- Can I encrypt a file?
- Not in this tool — it's text-only. For binary files, use VeraCrypt or a password manager's secure notes feature.
- What if I lose the password?
- There is no recovery. The whole point is that nobody — including us — can decrypt without it. Pick a passphrase you'll remember and store a backup in a password manager.
- Is the source visible so I can audit it?
- Yes — the JavaScript that runs in your browser is what you see in DevTools. The crypto helper is a thin wrapper over crypto.subtle; there are no obfuscated dependencies.
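
The key derivation, blob layout and wrong-password behaviour described in the answers above can be reproduced with the Web Crypto API as follows. This is an added example, not the tool's own source: the function names, the minimum-length check and the choice to drop base64 padding are assumptions.

```javascript
// Added example (not the tool's source). Sizes and KDF parameters come from the FAQ;
// function names and unpadded base64 are assumptions of this sketch.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const SALT_LEN = 16, IV_LEN = 12, TAG_LEN = 16, ITERATIONS = 250000;
const GENERIC_ERROR = 'Wrong password or corrupted data';

const toB64Url = (bytes) =>
  btoa(Array.from(bytes, (b) => String.fromCharCode(b)).join(''))
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const fromB64Url = (text) => {
  const b64 = text.trim().replace(/-/g, '+').replace(/_/g, '/');
  const bin = atob(b64 + '='.repeat((4 - (b64.length % 4)) % 4));
  return Uint8Array.from(bin, (c) => c.charCodeAt(0));
};

// PBKDF2-HMAC-SHA-256 over the password, yielding a non-extractable AES-256-GCM key.
async function deriveKey(password, salt) {
  const material = await wc.subtle.importKey(
    'raw', new TextEncoder().encode(password), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations: ITERATIONS },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

async function encryptNote(note, password) {
  const salt = wc.getRandomValues(new Uint8Array(SALT_LEN)); // fresh for every encryption
  const iv = wc.getRandomValues(new Uint8Array(IV_LEN));
  const key = await deriveKey(password, salt);
  const ct = new Uint8Array(await wc.subtle.encrypt(
    { name: 'AES-GCM', iv }, key, new TextEncoder().encode(note))); // tag is appended to ct
  const blob = new Uint8Array(SALT_LEN + IV_LEN + ct.length);
  blob.set(salt, 0); blob.set(iv, SALT_LEN); blob.set(ct, SALT_LEN + IV_LEN);
  return toB64Url(blob); // salt || IV || ciphertext+tag
}

async function decryptNote(blobText, password) {
  try {
    const blob = fromB64Url(blobText);
    if (blob.length < SALT_LEN + IV_LEN + TAG_LEN) throw new Error('too short');
    const key = await deriveKey(password, blob.subarray(0, SALT_LEN));
    const plain = await wc.subtle.decrypt(
      { name: 'AES-GCM', iv: blob.subarray(SALT_LEN, SALT_LEN + IV_LEN) },
      key, blob.subarray(SALT_LEN + IV_LEN));
    return new TextDecoder('utf-8', { fatal: true }).decode(plain);
  } catch {
    // Bad base64, truncated blob, wrong password and tampering all surface identically.
    throw new Error(GENERIC_ERROR);
  }
}
```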