Ishpeck's AES Tool

Enter passphrase twice:

Raw text goes here

Encrypted text goes here

Enter a URL here, click fetch then click Decrypt. Be sure you have a passphrase in.

What is this thing?

This page is a tool that implements the Advanced Encryption Standard as adopted by the National Institute of Standards and Technology and implemented by Chris Veness.

I put this page here to help raise awareness for both the importance and simplicity of using cryptography in our daily lives. Everyone needs to take their privacy more seriously.

How do I use it?

It can be used one of two ways: You can put text into the "raw text" area, enter a passphrase, and click "encrypt" to see what the encrypted bytes look like. You can copy that encrypted data into an e-mail or another web page if you like and show off your illustrious cryptography skills.

It can also be used to decrypt information by entering the correct passphrase, putting the encrypted data into the "encrypted text" area, and clicking the "decrypt" button. The clear text will appear in the "raw text" field.

Why should I use it?

Mostly just for fun. To see AES cryptography in action. I don't recommend putting anything really important in here such as bank account information, social security numbers, or anything like that. But for fun secrets like "OMG Suzie's new hair-do is so ugly!", sure this is great. I use it to hide my e-mail address from spammers.

How do I know you're not trying to spy on me?

You'll just have to trust me? :P Look at the source and you will see that the javascript does not send any POST requests to any server. Watch your network traffic with Wireshark or something similar to verify that claim. The URL fetcher does transmit a GET request to whatever computer you specify so if you're in the habit of typing credit card numbers into the middle of URL's, you should probably stay away from this and all web sites. If you do an HTTP HEAD / HTTP/1.0 request, you'll see that my web server is publicfile which is a very small and therefore has a source base that's easy to audit for security and actually is incapable of receiving any kind of POST requests:

Connected to
Escape character is '^]'.
HTTP/1.1 501 method not implemented
Server: publicfile
Date: Tue, 16 Jul 2013 14:01:26 GMT
Content-Length: 50
Connection: close
Content-Type: text/html

<html><body>method not implemented</body></html>
Connection closed by foreign host

So even if you wanted to give me your private information, my web server could not take it. The only thing my web server can write to disk is logs. So if you did try to open or something like that, you'd get a 404 error and that exact text would appear on my computer. So don't type anything like that into your address bar or into the URL Fetcher's field.