SJCL demo

This page is a demo of the Stanford Javascript Crypto Library. To get started, just type in a password in the left pane and a secret message in the middle pane, then click "encrypt". Encryption takes place in your browser and we never see the plaintext.

SJCL has lots of other options, many of which are shown in the grey boxes.


Choose a strong, random password.

Key Derivation


Salt adds more variability to your key, and prevents attackers from using rainbow tables to attack it.

Strengthening makes it slower to compute the key corresponding to your password. This makes it take much longer for an attacker to guess it.

Key size:

128 bits should be secure enough, but you can generate a longer key if you wish.

This key is computed from your password, salt and strengthening factor. It will be used internally by the cipher. Instead of using a password, you can enter a key here directly. If you do, it should be 32, 48 or 64 hexadecimal digits (128, 192 or 256 bits).

Cipher Parameters

SJCL encrypts your data with the AES block cipher.

Cipher mode:

The cipher mode is a standard for how to use AES and other algorithms to encrypt and authenticate your message. OCB2 mode is slightly faster and has more features, but CCM mode has wider support because it is not patented.


The IV needs to be different for every message you send. It adds randomness to your message, so that the same message will look different each time you send it.

Be careful: CCM mode doesn't use the whole IV, so changing just part of it isn't enough.

Authentication strength:

SJCL adds a an authentication tag to your message to make sure nobody changes it. The longer the authentication tag, the harder it is for somebody to change your encrypted message without you noticing. 64 bits is probably enough.

These parameters are required to decrypt your message later. If the person you're sending the message to knows them, you don't need to send them so your message will be shorter.

Default parameters won't be sent. Your password won't be sent, either. The salt and iv will be encoded in base64 instead of hex, so they'll look different from what's in the box.


This message will be encrypted, so that nobody can read it or change it without your password.
This auxilliary message isn't secret, but its integrity will be checked along with the integrity of the message.


Your message, encrypted and authenticated so that nobody can read it or change it without your password.