Hashes, Tokens & Certificates

Client-side AES encryption and decryption with GCM, CBC, and CTR modes, PBKDF2 passphrase derivation and raw key input — keys are not uploaded by the tool

Client-side BCrypt password hash toolkit with three tabs: Generate (cost 4-15, $2a/$2b/$2y version selector, 3 output formats), Verify (auto-parses cost/version with OWASP guidance), and Inspect (dissect any bcrypt hash into prefix/cost/salt/hash). Real-time 72-byte truncation warning, progress bar, cancel button, and mobile-friendly chip controls.

Client-side DES and 3DES (2-key/3-key) encryption & decryption with zero dependencies. Supports five modes (ECB/CBC/CFB/OFB/CTR) and five padding schemes (PKCS#7/Zero/ANSI X.923/ISO 10126/No Padding). Independent encoding switchers for Key/IV/Input/Output (Hex/UTF-8/Base64), real-time byte-length hints, built-in NIST test vectors, persistent deprecation banner (DES 2005, 3DES Jan 2024), and K1/K2/K3 key visualization. For education and legacy interop only — keys and plaintext are not uploaded by the tool.

MD5 & SHA Hash Calculator

Client-side AES encryption and decryption with GCM, CBC, and CTR modes, PBKDF2 passphrase derivation and raw key input — keys are not uploaded by the tool

Client-side BCrypt password hash toolkit with three tabs: Generate (cost 4-15, $2a/$2b/$2y version selector, 3 output formats), Verify (auto-parses cost/version with OWASP guidance), and Inspect (dissect any bcrypt hash into prefix/cost/salt/hash). Real-time 72-byte truncation warning, progress bar, cancel button, and mobile-friendly chip controls.

Client-side DES and 3DES (2-key/3-key) encryption & decryption with zero dependencies. Supports five modes (ECB/CBC/CFB/OFB/CTR) and five padding schemes (PKCS#7/Zero/ANSI X.923/ISO 10126/No Padding). Independent encoding switchers for Key/IV/Input/Output (Hex/UTF-8/Base64), real-time byte-length hints, built-in NIST test vectors, persistent deprecation banner (DES 2005, 3DES Jan 2024), and K1/K2/K3 key visualization. For education and legacy interop only — keys and plaintext are not uploaded by the tool.

MD5 & SHA Hash Calculator

Client-side HMAC calculator with SHA-1/256/384/512, UTF-8/Hex/Base64 key formats, text & file input, and HMAC verification

Generate local htpasswd lines for Apache/Nginx Basic Auth with bcrypt, apr1, and SHA-1 output

Hide secret messages inside images entirely in your browser with LSB (least-significant-bit) steganography, optional AES-GCM-256 encryption (PBKDF2-SHA-256 100k rounds), and optional gzip compression — output is always lossless PNG. Live capacity meter, accepts JPEG/PNG/WebP/BMP covers (JPEG triggers a warning, alpha auto-flattened to white), round-trip self-verify after embedding confirms the payload will decode. Extract distinguishes three states clearly: no-payload / wrong-password / corrupted. Four upload paths (drag / paste / gallery / camera), bilingual zh/en UI, 44px mobile touch targets, iOS Safari 16MP canvas guard. Client-side processing; images and passwords are not uploaded by the tool.

Decode JWT header/payload and inspect exp/iat/nbf claims (no signature verification)

Generate HS256 JWTs locally in your browser from payload JSON, optional header extras, and a shared secret.

Free online password generator for secure random passwords with customizable length, character sets, and ambiguous-character exclusion.

Free online password strength checker with pattern detection, crack-time estimation, pinyin/CJK dictionaries, and optional HIBP breach check — all client-side.

Client-side PBKDF2 key derivation calculator with SHA-1/256/384/512, configurable iterations and key length, UTF-8/Hex/Base64 salt formats, RFC 6070 test vectors, Web Worker for long iterations, multi-format output (Hex/Base64/byte array/code snippets), OpenSSL CLI preview, and OWASP 2023 defaults

Decode a single PEM X.509 certificate locally and inspect subject, issuer, validity, extensions, and the SHA-256 fingerprint.

Client-side RC4 stream cipher (aka ARC4 / Arcfour) encrypt and decrypt with zero dependencies. Flexible 1-256 byte keys. Independent encoding switchers for Key / Input / Output (Hex / UTF-8 / Base64) with real-time UTF-8 byte counters (not character counts). Built-in RFC 6229 official test vectors (40/64/128/256-bit) plus Wikipedia demo, RC4-drop[N] hardening presets (0/768/1536/3072), Swap I/O, and Roundtrip self-test. Persistent RFC 7465 (2015) deprecation banner (TLS prohibited / FMS 2001 broke WEP / NOMORE 2015). For education and legacy interop only — keys and plaintext are not uploaded by the tool.

Generate RSA key pairs locally in your browser with WebCrypto API. Supports RSA-OAEP, RSASSA-PKCS1-v1_5, and RSA-PSS algorithms, 2048–4096-bit keys, PEM, PKCS#1, and JWK output — private keys are not uploaded by the tool

Client-side RSA digital signature and verification tool. Supports RSASSA-PKCS1-v1_5 and RSA-PSS algorithms, SHA-256/384/512 hashes, PEM (PKCS#8/SPKI) and JWK key formats, JWT presets (RS256/PS256), and OpenSSL command preview — private keys are not uploaded by the tool

Client-side TOTP/HOTP one-time password generator with SHA-1/256/512, QR code scan & generate, otpauth:// URI parsing, code verification — secrets are not uploaded by the tool