A full cryptographer's console running entirely inside your browser. Real AES-256, RSA, ECDSA, hashing, and an intelligence layer that tells you what an unknown payload actually is.
Authenticated symmetric encryption. A password is stretched with PBKDF2 into a 256-bit key; output is self-describing and tamper-evident — a single altered byte fails the integrity check on decrypt.
Generate public/private keypairs, then encrypt, sign, or verify. Private keys are generated locally and never transmitted — what you copy is all that exists.
One-way fingerprints. Identical input always yields identical output; a one-character change cascades through the entire digest. Use for integrity checks and verification.
Historical and encoding ciphers for CTFs, puzzles, and learning. Not for protecting real secrets — these are reversible without a key or trivially broken. Use the Vault for actual security.
Drop a file or paste text. Cipher Chk measures Shannon entropy, profiles byte distribution, sniffs magic bytes, and tells you what you're probably looking at — encrypted, compressed, encoded, or hiding something.
Cryptographically secure random generation via the browser's CSPRNG. Forge passphrases, keys, tokens, and UUIDs that never touch a server.
Constant-time comparison of two values — text, hashes, or whole files. Confirms a download wasn't tampered with, two secrets match, or a fingerprint is authentic, without leaking where they differ through timing.
Split a secret into N shares where any K reconstruct it — and any fewer reveal nothing. The classic "no single person holds the launch key." Pure information-theoretic security over GF(256); the math is exact, not encryption.
Seal a message into an encrypted payload + a key that lives only in a URL #fragment — the part of a link browsers never send to servers. Send the payload one way and the key another for true split-channel secrecy.
A live TOTP generator — the same 6-digit codes as Google Authenticator or Authy, computed locally from your secret. Paste a Base32 secret or a full otpauth:// URI. The secret never leaves this tab.
Destroy sensitive data beyond casual recovery. Overwrite a secret in the field with random passes, or generate a same-size random file to overwrite an original on disk.
Export your keys, notes, or generated secrets as a single AES-256-GCM encrypted file you can store anywhere safely — then restore it later with the same passphrase. Your backup is useless to anyone without the phrase.