Free Browser-Based Encryption & Security Tools

13 free tools — Hashes, HMAC, AES, password strength, TOTP, JWT, API keys

MD5 Hash Generator

Generate MD5 hash from text. One-way hashing for checksums and non-security uses.

SHA-256 Hash Generator

Generate SHA-256 hash from text. Secure 256-bit hashing for integrity and verification.

SHA-512 Hash Generator

Generate SHA-512 hash from text. Stronger 512-bit hashing for high-security needs.

HMAC Generator

Generate HMAC (keyed-hash MAC). Verify integrity and authenticity with a shared secret key.

AES Encrypt / Decrypt

Encrypt and decrypt with AES-GCM. Symmetric encryption using a passphrase-derived key.

Password Strength Checker

Check password strength. Get a 0–100 score, time-to-crack estimate and specific suggestions.

Secure Password Generator

Generate cryptographically random passwords with entropy display and custom symbol sets.

Diceware Passphrase Generator

Generate Diceware-style passphrases. Memorable multi-word passwords with configurable length and separators.

TOTP Code Generator

Generate TOTP codes (Google Authenticator style). RFC 6238 two-factor authentication codes.

JWT Generator

Create signed JWT tokens with HS256, HS384 or HS512. Counterpart to the JWT decoder.

API Key Generator

Generate cryptographically random API keys. Hex, Base64, Base62 or alphanumeric with optional prefix.

Checksum Calculator

Calculate MD5, SHA-1, SHA-256 and SHA-512 checksums of a file. Drag and drop or pick a file.

File Hash Calculator

Hash a file with a single algorithm — MD5, SHA-1, SHA-256 or SHA-512. Useful for verifying downloads.

About Encryption & Security

Encryption and security tools cover the everyday cryptographic chores: hashing a string or a file (MD5, SHA-1, SHA-256, SHA-512), signing a message with HMAC, encrypting and decrypting text with AES-256-GCM, scoring a password's strength, generating a strong password or memorable Diceware passphrase, producing TOTP codes from a Base32 secret, signing HS-family JWTs, and minting random API keys.

Every tool here runs entirely in your browser using the Web Crypto API (with a pure-JavaScript MD5 because SubtleCrypto deliberately omits it). Nothing is uploaded — passphrases, secrets, plaintext, and files stay on your device. That makes the tools safe for inspecting suspicious tokens, debugging request signatures, or testing crypto code against published RFC test vectors.

These tools are intended for learning, debugging, and one-off operations. They are not a replacement for production secret management: store live keys in a password manager or KMS, hash credentials with bcrypt/Argon2 rather than raw SHA-256, and prefer a dedicated authenticator app over a web TOTP page for daily 2FA.