This page takes a secret message and encrypts it with a session key: Show/Hide explanation

1. Generate a random AES session key or enter one manually

2. Type in your username an retrieve your RSA public key from the database by pressing the "get public key" button

3. Encrypt the AES session key with your RSA public key by pressing the "encrypt" arrow below the green box

4. Enter the secret message you want to encrypt

5. Encrypt your secret message using the AES session key by pressing the "encrypt" arrow below the red box

6. Submit the encrypted AES session key together with the encrypted secret message using the "submit" button

Session AES Key

Key size:
This users RSA key public exponent and modulus are fetched from the database. The exponenet is 0x10001

Encrypted AES Key

Encrypted AES Session Key using the users RSA Public Key. The ciphertext is encoded in base64.


This message will be encrypted.


This Message is encrypted using the AES Session Key. The Ciphertext is uploaded together with the encrypted AES Key.

Cipher Parameters

SJCL encrypts your data with the AES block cipher.

Cipher mode:

The cipher mode is a standard for how to use AES and other algorithms to encrypt and authenticate your message. OCB2 mode is slightly faster and has more features, but CCM mode has wider support because it is not patented.


The IV needs to be different for every message you send. It adds randomness to your message, so that the same message will look different each time you send it.

Be careful: CCM mode doesn't use the whole IV, so changing just part of it isn't enough.

Authentication strength:

SJCL adds a an authentication tag to your message to make sure nobody changes it. The longer the authentication tag, the harder it is for somebody to change your encrypted message without you noticing. 64 bits is probably enough.

These parameters are required to decrypt your message later. If the person you're sending the message to knows them, you don't need to send them so your message will be shorter.

Default parameters won't be sent. The iv will be encoded in base64 instead of hex, so they'll look different from what's in the box.

Database (MySQL) - Data ist stored in Base64

Show/Hide database

Database Content