What Is an Encrypted Notepad?
An encrypted notepad lets you protect sensitive text — passwords, private notes, API keys, personal information — by encrypting it with a passphrase before storing or sharing it. This tool uses AES-256-GCM, the same encryption standard used by governments and financial institutions, implemented entirely in your browser using the Web Crypto API. No data is ever sent to a server.
How the Encryption Works
When you click "Encrypt," the tool generates a random 16-byte salt and 12-byte initialization vector (IV). Your passphrase is fed through PBKDF2 with 100,000 iterations of SHA-256 to derive a 256-bit AES key. The text is then encrypted with AES-GCM, which provides both confidentiality and integrity verification. The salt, IV, and ciphertext are combined and Base64-encoded for easy copying. To decrypt, the same passphrase recreates the identical key through PBKDF2 and reverses the process.
How to Use This Tool
- Enter a strong passphrase — Use a passphrase you can remember but others cannot guess. Longer passphrases are exponentially more secure.
- Type or paste your text — Enter the sensitive text you want to protect in the text area.
- Click Encrypt — The tool encrypts your text instantly. Copy the encrypted output or save it as a file.
- To decrypt — Switch to Decrypt mode, paste the encrypted text, enter the same passphrase, and click Decrypt.
Use Cases
Store encrypted notes in cloud storage services without trusting them with your content. Send sensitive information through email or chat by encrypting it first and sharing the passphrase through a separate channel. Keep API keys, recovery codes, or personal information in an encrypted format on your own device. Back up sensitive documents with an additional encryption layer beyond your disk encryption.
Frequently Asked Questions
How does this encrypted notepad work?+
This tool uses your browser's built-in Web Crypto API to encrypt text with AES-256-GCM — the same encryption standard used by banks and governments. Your passphrase is converted to a cryptographic key using PBKDF2 with 100,000 iterations. Everything happens locally in your browser — nothing is sent to any server.
Is it safe to encrypt text in the browser?+
Yes. The Web Crypto API provides cryptographically secure operations that run entirely in your browser. No data is transmitted, stored, or logged. The encrypted output cannot be decrypted without the exact passphrase you used.
What happens if I forget my passphrase?+
There is no recovery mechanism. AES-256-GCM encryption is designed so that without the correct passphrase, the data is permanently unrecoverable. Always store your passphrase in a password manager.
What encryption algorithm protects my notes?+
AES-256-GCM — an authenticated encryption mode that prevents both reading and tampering. The encryption key is derived from your password using PBKDF2 with 600,000 iterations (OWASP 2024 recommendation).
Where are my notes stored?+
In your browser’s localStorage — nowhere else. Notes never leave your device. Clearing browser data deletes them; there is no cloud backup. Export notes manually if you want a backup.
What happens if I forget my password?+
Nothing can recover the notes — that’s the point of zero-knowledge encryption. The password is the key; without it, the encrypted data is mathematically unrecoverable. Use a password manager and consider a written backup of the password in a secure location.
Can I share encrypted notes between devices?+
Export a note as an encrypted file (.enc), transfer via any channel, then import on another device using the same password. The transfer carries no plaintext at any point.
Is the source code auditable?+
Yes — the tool runs entirely client-side. View the JavaScript via your browser’s DevTools to confirm the encryption logic. The crypto primitives come from Web Crypto API (built into every modern browser), not custom code.
Built by Derek Giordano · Part of Ultimate Design Tools