Encrypt / Decrypt
Encrypt and decrypt data with AES, DES, Triple DES, and RC4 symmetric ciphers
What is symmetric encryption?
Symmetric encryption transforms plaintext into unreadable ciphertext using a secret key, and decryption reverses the process with the same key. Choose an algorithm based on your security requirements and compatibility needs.
Recommendation: Use AES for all new applications. DES, Triple DES, and RC4 are provided for legacy compatibility and educational purposes only.
AES vs DES vs Triple DES vs RC4: encryption algorithm comparison
| Algorithm | Type | Key Length | Block Size | Security |
|---|---|---|---|---|
| AES | Block cipher | 128 / 192 / 256 bits | 128 bits | |
| DES | Block cipher | 56 bits | 64 bits | |
| Triple DES | Block cipher | 112 / 168 bits | 64 bits | |
| RC4 | Stream cipher | 40 - 2048 bits | N/A (stream) |
Choose an algorithm
AES Encrypt / Decrypt
The Advanced Encryption Standard is the gold standard for symmetric encryption, adopted by NIST in 2001. Supports CBC, CFB, CTR, OFB, and ECB modes with configurable key sizes.
DES Encrypt / Decrypt
The Data Encryption Standard was the dominant cipher from the 1970s until it was publicly cracked in 1998 due to its short 56-bit key. Not suitable for protecting sensitive data.
Triple DES Encrypt / Decrypt
Triple DES applies the DES cipher three times with independent keys, providing stronger security than DES. Deprecated by NIST in 2023 in favor of AES.
RC4 Encrypt / Decrypt
RC4 is a fast stream cipher once widely used in SSL/TLS and WEP. Known statistical biases led to its prohibition in TLS (RFC 7465). Supports configurable key size and byte dropping.
How symmetric encryption works: block ciphers and stream ciphers
All four algorithms use symmetric encryption — the same secret key is used for both encryption and decryption. This differs from asymmetric encryption (RSA, ECDSA) where separate public and private keys are used.
Block ciphers (AES, DES, Triple DES) process data in fixed-size blocks and require a mode of operation (CBC, CTR, etc.) to handle messages longer than one block, plus padding to align plaintext to the block boundary.
Stream ciphers (RC4) encrypt data one byte at a time, producing a pseudorandom keystream XORed with the plaintext. They require no padding or mode of operation.
For key derivation from a password, these tools support PBKDF2 and EvpKDF with configurable hash algorithms, salt, and iteration counts. You can also provide a raw key and IV directly for full control.
Frequently asked questions
What is the most secure encryption algorithm?
AES-256 is the most secure algorithm available here and is the current industry standard. It uses a 256-bit key and has no known practical attacks. DES, Triple DES, and RC4 are legacy algorithms with known weaknesses and should not be used for new applications.
What is the difference between AES-128 and AES-256?
Both AES-128 and AES-256 use the same underlying algorithm with different key lengths. AES-256 provides a higher security margin against brute-force attacks. AES-128 is faster and still provides strong security for most applications. For classified government information, AES-256 is required.
Why is DES considered insecure?
DES uses only a 56-bit key, providing just 2^56 possible keys. Modern hardware can exhaustively try all possible DES keys in hours. NIST officially retired DES in 2005. It should only be used for legacy compatibility with older systems.
What is a block cipher mode of operation?
A mode of operation defines how a block cipher handles messages longer than one block. Common modes: CBC (Cipher Block Chaining) links blocks together, CTR (Counter) turns the cipher into a stream cipher, and CFB/OFB provide streaming feedback. Avoid ECB — it encrypts identical blocks identically, revealing patterns in the data.