Privacy & Security

Scan JPG/JPEG files locally in bulk for EXIF APP1 metadata and export new JPG clean copies only for images with removable EXIF.

Detect EXIF, XMP, IPTC and other metadata in one JPG/JPEG locally. Export a clean copy via lossless strip or Canvas redraw.

Read EXIF and related metadata from images to inspect capture settings and provenance.

Remove common document info metadata from one PDF locally and export a new copy.

Add rectangle or ellipse masks to one image locally with undo/redo, and export a new flattened JPG or PNG copy.

Clean one screenshot locally by manually obscuring or cropping visible regions, then export a new flattened JPG or PNG copy.

Mask email addresses and custom literal terms locally in your browser with explicit rules and generate a copyable redacted text.

Client-side AES encryption and decryption with GCM, CBC, and CTR modes, PBKDF2 passphrase derivation and raw key input — keys are not uploaded by the tool

Client-side BCrypt password hash toolkit with three tabs: Generate (cost 4-15, $2a/$2b/$2y version selector, 3 output formats), Verify (auto-parses cost/version with OWASP guidance), and Inspect (dissect any bcrypt hash into prefix/cost/salt/hash). Real-time 72-byte truncation warning, progress bar, cancel button, and mobile-friendly chip controls.

Client-side DES and 3DES (2-key/3-key) encryption & decryption with zero dependencies. Supports five modes (ECB/CBC/CFB/OFB/CTR) and five padding schemes (PKCS#7/Zero/ANSI X.923/ISO 10126/No Padding). Independent encoding switchers for Key/IV/Input/Output (Hex/UTF-8/Base64), real-time byte-length hints, built-in NIST test vectors, persistent deprecation banner (DES 2005, 3DES Jan 2024), and K1/K2/K3 key visualization. For education and legacy interop only — keys and plaintext are not uploaded by the tool.

MD5 & SHA Hash Calculator

Client-side HMAC calculator with SHA-1/256/384/512, UTF-8/Hex/Base64 key formats, text & file input, and HMAC verification

Generate local htpasswd lines for Apache/Nginx Basic Auth with bcrypt, apr1, and SHA-1 output

Hide secret messages inside images entirely in your browser with LSB (least-significant-bit) steganography, optional AES-GCM-256 encryption (PBKDF2-SHA-256 100k rounds), and optional gzip compression — output is always lossless PNG. Live capacity meter, accepts JPEG/PNG/WebP/BMP covers (JPEG triggers a warning, alpha auto-flattened to white), round-trip self-verify after embedding confirms the payload will decode. Extract distinguishes three states clearly: no-payload / wrong-password / corrupted. Four upload paths (drag / paste / gallery / camera), bilingual zh/en UI, 44px mobile touch targets, iOS Safari 16MP canvas guard. Client-side processing; images and passwords are not uploaded by the tool.

Decode JWT header/payload and inspect exp/iat/nbf claims (no signature verification)

Generate HS256 JWTs locally in your browser from payload JSON, optional header extras, and a shared secret.

Free online password generator for secure random passwords with customizable length, character sets, and ambiguous-character exclusion.

Free online password strength checker with pattern detection, crack-time estimation, pinyin/CJK dictionaries, and optional HIBP breach check — all client-side.

Client-side PBKDF2 key derivation calculator with SHA-1/256/384/512, configurable iterations and key length, UTF-8/Hex/Base64 salt formats, RFC 6070 test vectors, Web Worker for long iterations, multi-format output (Hex/Base64/byte array/code snippets), OpenSSL CLI preview, and OWASP 2023 defaults

Decode a single PEM X.509 certificate locally and inspect subject, issuer, validity, extensions, and the SHA-256 fingerprint.

Client-side RC4 stream cipher (aka ARC4 / Arcfour) encrypt and decrypt with zero dependencies. Flexible 1-256 byte keys. Independent encoding switchers for Key / Input / Output (Hex / UTF-8 / Base64) with real-time UTF-8 byte counters (not character counts). Built-in RFC 6229 official test vectors (40/64/128/256-bit) plus Wikipedia demo, RC4-drop[N] hardening presets (0/768/1536/3072), Swap I/O, and Roundtrip self-test. Persistent RFC 7465 (2015) deprecation banner (TLS prohibited / FMS 2001 broke WEP / NOMORE 2015). For education and legacy interop only — keys and plaintext are not uploaded by the tool.

Generate RSA key pairs locally in your browser with WebCrypto API. Supports RSA-OAEP, RSASSA-PKCS1-v1_5, and RSA-PSS algorithms, 2048–4096-bit keys, PEM, PKCS#1, and JWK output — private keys are not uploaded by the tool

Client-side RSA digital signature and verification tool. Supports RSASSA-PKCS1-v1_5 and RSA-PSS algorithms, SHA-256/384/512 hashes, PEM (PKCS#8/SPKI) and JWK key formats, JWT presets (RS256/PS256), and OpenSSL command preview — private keys are not uploaded by the tool

Client-side TOTP/HOTP one-time password generator with SHA-1/256/512, QR code scan & generate, otpauth:// URI parsing, code verification — secrets are not uploaded by the tool