Is a one-time pad really unbreakable?

Yes — when the key is truly random, at least as long as the message, and never reused. Reusing a key breaks all security guarantees. This tool generates a fresh WebCrypto key for every encryption.

Where is my key or plaintext stored?

Nowhere. All processing runs entirely in your browser. Nothing is sent to any server. Close the tab and all data is gone.

What does hex vs base64 output mean?

Both represent the same ciphertext bytes. Hex uses two characters per byte (0–9, a–f); base64 encodes three bytes as four ASCII characters and is more compact for copy-paste.

Can I encrypt binary files with this tool?

This tool handles UTF-8 text. Binary file encryption would require a file-input interface; use this tool for text-only use cases.

Why must the key be the same length as the message?

XOR encryption requires exactly one key byte per message byte. A shorter key would require reuse, destroying perfect secrecy.

One-Time Pad Encrypt / Decrypt Tool

Name: One-Time Pad Encrypt / Decrypt Tool
Availability: InStock
Author: Nham Vu

Encrypt or decrypt text with a one-time pad (XOR cipher). Generate a cryptographically random key via WebCrypto, view hex/base64 output, and verify the round-trip.

Encrypt

Plaintext

Key (hex)

Decrypt

Ciphertext (hex or base64)

Key (hex)

How it works: Each plaintext byte is XOR-ed with a matching key byte. The key is generated by crypto.getRandomValues() (WebCrypto) — no server contact, no storage. Keep the key secret; lose it and the ciphertext is unrecoverable.

Copied!

Summary

Encrypt or decrypt text with a one-time pad (XOR cipher). Generate a cryptographically random key via WebCrypto, view hex/base64 output, and verify the round-trip.

How it works

Type or paste your plaintext into the message field.
Click "Generate Key" to create a cryptographically random key (same byte length as your message) via WebCrypto.
Click "Encrypt" — each message byte is XOR-ed with the matching key byte; ciphertext appears in hex and base64.
To decrypt, paste the ciphertext (hex or base64) and the original key, then click "Decrypt" to recover the plaintext.
The round-trip indicator confirms the decrypted output matches the original message.

Use cases

Demonstrate perfect secrecy in a cryptography class or tutorial.
Encrypt short secrets offline without any server round-trip.
Test XOR-cipher logic during security research or CTF challenges.
Generate and exchange a one-time pad key for manual secure messaging.

Frequently Asked Questions

Last updated: 2026-07-01 · Reviewed by Nham Vu