Client-Side JavaScript AES

If you and a friend have a shared secret passphrase—either because you agreed on it offline or because one of you communicated it to the other with the other's public key—you can communicate directly with each other with password-based encryption using AES. This page uses the crypto-js implementation of AES and produces a base64-encoded PKCS#7-padded AES-256 CBC-mode cipher that can be pasted into an email or into a chat, or even safely posted to a public forum. It can be decrypted only by someone who knows the passphrase. They can decrypt it using this page, or openSSL (openssl enc -d -aes-256-cbc -a -in infile -out outfile -pass pass:"secret passphrase" ~with some older versions of openssl—e.g. the ubiquitous 0.9.8—infile might need a trailing linefeed for the -a option to work), or javax.crypto.Cipher, or any other decrypter that can handle the format. If you get an empty string on decryption, chances are you entered a bad passphrase, unless your friend—rather pointlessly—sent you an empty message.

All processing happens in javascript on the client; nothing is stored or sent anywhere. Check the javascript source. Check your local storage, session storage, and cookies. But if you're feeling really paranoid about possible phoning home because of all that minified crypto-js code, disconnect from your network before entering your passphrase or encrypting. Even better: throw wireshark or network monitor across that connection and watch the (relative) silence. Then quit the page and let the RAM-resident ephemera vanish into your heatsink.

▼ encrypt the plaintext message ▼ ▲ decrypt the encrypted message ▲