Encryption Tools & Guides
One page for everything in the encryption cluster. Learn the concepts with in-depth guides, compare algorithms side-by-side, and use free browser-based tools — all without sending data to a server.
Read the Complete Guide: Encoding vs Encryption vs Hashing →Overview
Choose the right tool for your task:
- If you need secrecy—use encryption (AES or RSA)Encryption tools ↓
- If you need integrity—use hashing or HMACHashing tools ↓
- If you need password storage—use bcrypt or Argon2Password tools ↓
- If you need tokens/API auth—decode JWTs or generate API keysToken tools ↓
- If you need safe data transport formatting—use Base64 or URL encoding (not security)Encoding tools ↓
Not sure which applies? Read the pillar guide for a full decision framework.
Encryption & Security Tools
All tools run locally in your browser — no data is uploaded or stored.
A) Encryption
Encrypt and decrypt data using AES-256 or generate RSA key pairs for asymmetric operations.
B) Hashing & Integrity
Generate SHA-256/MD5 checksums and HMAC signatures for data integrity and API authentication.
C) Password Security
Hash passwords with bcrypt, check password strength, and generate strong passphrases and PINs.
D) Encoding & Tokens
Encode/decode Base64 and URL-encoded strings, inspect JWTs, and generate API keys.
Most tools run locally in your browser. If a tool ever requires server processing, it will clearly say so on the tool page.
Encryption Guides
In-depth reference pages — start with the pillar guide, then explore by topic.
A practical reference to encoding, hashing, encryption, and signing—what they are and when to use each.
A practical guide to hashing and HMAC—how they differ, what problems they solve, and how to choose the right approach for integrity and authentication.
A practical guide to authenticated encryption — what AEAD is, how AES-GCM and ChaCha20-Poly1305 work, and when to use each mode over CBC or CTR.
Learn how password hashing works, why MD5 and SHA-256 are insufficient for passwords, what salting and key stretching do, and which algorithm to use today.
A practical explanation of TLS — what it protects, how the handshake works, certificates and trust, and common mistakes developers make.
The difference between encryption at rest and in transit — threat models, technologies, key management, real-world examples, and common mistakes.
How digital signatures work — hash, sign with private key, verify with public key. Covers signature vs HMAC, real-world uses (JWTs, TLS, code signing), and common mistakes.
Avoid the most costly encryption errors: using encryption for passwords, hardcoding keys, skipping authenticated modes, ignoring certificate warnings, and more.
Encryption Comparisons
Decision-focused breakdowns to help you pick the right algorithm or format.
Symmetric uses one shared key; asymmetric uses a public/private key pair. Learn how each works, when to use AES vs RSA, and why modern systems use both.
Symmetric vs asymmetric encryption—how they differ and how modern systems use both together.
ECC achieves equivalent security to RSA with dramatically smaller keys — a 256-bit ECC key matches a 3072-bit RSA key. Compare performance, signature size, key sizes, and when to use each in TLS, JWT, and SSH.
AES-GCM provides authenticated encryption (AEAD) and is mandated by TLS 1.3. AES-CBC provides confidentiality only and is vulnerable to padding oracle attacks. Compare modes, security risks, and use cases.
MD5 is fast but cryptographically broken. SHA-256 is the current standard. Compare output size, collision resistance, speed, and when to use each.
Understand the difference between SHA-256 hashing and HMAC-SHA256, when to use each, and how they relate to integrity and authentication.
Compare bcrypt, Argon2id, and PBKDF2 for secure password storage. Understand work factors, memory hardness, GPU resistance, FIPS compliance, and which to use today.
Understand the difference between Base64 encoding and URL encoding, when to use each, and common mistakes developers make.
Frequently Asked Questions
What's the difference between encryption, hashing, and encoding?
Encryption is reversible with a key — use it when data must be readable again. Hashing is one-way — use it for integrity checks and password storage. Encoding (Base64, URL) has no secret and is fully reversible — it provides no security. These operations are not interchangeable.
Should I encrypt or hash passwords?
Hash them — never encrypt. Encrypted passwords can be decrypted if the key is compromised. Hashed passwords cannot be reversed. Use a slow, memory-hard algorithm: Argon2id for new systems, bcrypt (cost 12+) as a widely-supported fallback. Never use SHA-256 or MD5 directly for passwords.
What is authenticated encryption?
Authenticated encryption (AEAD) combines confidentiality and integrity in a single operation. AES-GCM is the standard example: it encrypts the data and produces an authentication tag that detects tampering. AES-CBC provides confidentiality only and requires a separate MAC. TLS 1.3 mandates AEAD ciphers.
What is TLS and why does it matter?
TLS (Transport Layer Security) is the protocol behind HTTPS. It provides confidentiality, integrity, and server authentication for data in transit. Without it, any network observer can read or modify traffic. TLS 1.3 is the current standard; TLS 1.0 and 1.1 are deprecated.
Is Base64 secure?
No. Base64 is an encoding scheme, not encryption. It converts binary data to printable ASCII for transport compatibility. It is fully reversible without any key. Encoding Base64-encoded data does not hide or protect it in any meaningful way.
When should I use HMAC vs digital signatures?
Use HMAC when both parties share a secret key and you only need integrity and authentication (webhook verification, JWT HS256, AWS Signature V4). Use digital signatures (RSA-PSS, ECDSA, Ed25519) when you need non-repudiation or a public verifier — i.e., when the verifier should not be able to forge signatures.
Which encryption tool should I use first?
Start with the pillar guide to understand which primitive fits your problem. If you need to encrypt data, use the AES Encrypt/Decrypt tool. If you need to hash passwords, use the Bcrypt Hash Generator. If you need to inspect a JWT, use the JWT Decoder. Each tool page explains its use case.
Where to go next
Start with the complete guide, or jump straight to the tools.