/ tools · Secure Vault

Secure Vault

Lock a note or a file behind a passphrase, then unlock it later — or send the locked blob to someone who knows the secret. AES-256-GCM with PBKDF2 key stretching, all inside this tab. Your data and your passphrase are never uploaded, logged, or recoverable by anyone but you.

Operation

Source

Text to encrypt

Passphrase

Enter a passphrase

How the lock works

AES-256-GCM · PBKDF2-SHA-256 · 250k iterations

Your passphrase is stretched, not stored. PBKDF2 runs 250,000 SHA-256 rounds over a random 16-byte salt to derive the 256-bit key. The key exists only in memory and is thrown away when you close the tab.

AES-256-GCM is authenticated. If even one byte of the locked blob is altered, or the passphrase is wrong, decryption fails loudly instead of returning garbage.

Self-contained output. The salt and nonce travel inside the blob, so any modern browser can unlock it later with just the passphrase — no key files to keep.

No recovery. There is no backdoor and no reset. Lose the passphrase and the data is gone for good — that is the entire point. Store it in a password manager.