AxelBase Utility

Professional grade AES-256-CBC encryption. Floating on a cloud of privacy.

Encrypt

Secure your plaintext with industry-standard encryption. 100% local processing.

Start Encrypting

Decrypt

Recover your original data using your secure passphrase and IV code.

Start Decrypting

About AxelBase AES-256-CBC Utility

A modern, privacy-first web tool for encrypting and decrypting text using AES-256 in CBC mode—all without ever leaving your browser.

The AxelBase AES-256-CBC Encryption Utility was built for developers, security enthusiasts, journalists, and anyone who needs to protect short-to-medium text messages without relying on cloud services or third-party servers. In an era where data breaches and surveillance are constant concerns, this tool ensures your content stays completely under your control.

Everything happens client-side using the browser's native Web Crypto API. When you enter plaintext, a passphrase, and a 16-byte IV (as 32 hex characters), the tool derives a 256-bit key with PBKDF2 (100,000 iterations, SHA-256) and performs AES-256-CBC encryption. The result is standard base64-encoded ciphertext. Decryption reverses the process exactly—requiring the same passphrase and IV to recover the original text. If anything mismatches, decryption fails gracefully with a clear error message.

Key design principles include:

  • Zero server interaction — no uploads, no APIs, no logging. Your data never touches the internet after page load.
  • Input limit of 1,000,000 characters — plenty for notes, messages, or small documents, while preventing performance issues.
  • Strong input validation — passphrase minimum length, exact 32-hex IV format, live character counters.
  • Clean, responsive UI — built with SvelteKit for fast loading and Bootstrap 5 for intuitive forms and navigation.
  • Open-source transparency — MIT-licensed code on GitHub lets anyone audit the crypto logic in src/lib/crypto.js.
  • Static GitHub Pages deployment — free, fast, HTTPS-enabled hosting with no backend maintenance.

This utility draws inspiration from classic crypto tools but modernizes them for the browser era. It deliberately uses AES-256-CBC for broad compatibility and simplicity, while clearly warning users about best practices: always use unique random IVs, never reuse IVs with the same passphrase, and choose strong passphrases (12+ characters with variety). It is not intended for ultra-high-security secrets—consult professionals for those—but excels as a quick, trustworthy everyday encryptor.

Created by developers who value privacy and simplicity. No tracking, no ads, no nonsense—just secure, local cryptography when you need it.

How to Use the Utility

Follow these straightforward steps to encrypt or decrypt text securely in your browser.

Start on the Home page for an overview and big buttons to Encrypt or Decrypt. Use the top navigation bar (Home, Encrypt, Decrypt, About) at any time. All links use . for correct GitHub Pages routing.

Tip: Bookmark the direct /encrypt or /decrypt URLs for faster access.

Go to the Encrypt page. Paste or type your plaintext into the large textarea (max 1,000,000 characters—watch the live counter). Enter a strong passphrase (at least 8 characters; 12–20+ recommended). Provide a 32-character hexadecimal IV (only 0-9, a-f/A-F allowed).

Click Encrypt. Within seconds, the base64 ciphertext appears in the output box below. Copy it for secure sharing or storage.

Security note: Generate a fresh random IV for every encryption. Never reuse the same IV with the same passphrase.

Switch to the Decrypt page. Paste the base64 ciphertext into the input area. Enter the exact same passphrase and exact same IV used during encryption.

Click Decrypt. If everything matches, the original plaintext appears. If not, you'll see a clear error (e.g., wrong key, invalid format, padding issue).

Double-check copy-paste accuracy—base64 is case-sensitive and padding (=) matters.

Always test small messages first. Use random IVs (online generators or scripts). Store passphrase and IV securely and separately. If decryption fails repeatedly, verify no extra spaces or line breaks were added during copy. The tool works offline after initial load—perfect for air-gapped environments.

For questions, check the About page or the project's GitHub README.

Frequently Asked Questions

Never. All encryption, decryption, and key derivation happen exclusively in your browser using the Web Crypto API. No data leaves your device—no uploads, no API calls, no logging.

The passphrase is used only to derive a 256-bit AES key via PBKDF2 (100,000 iterations, SHA-256) in memory. It is never stored, logged, or transmitted. Use a strong, unique passphrase (12+ characters with variety) for best security. Weak passphrases reduce protection against brute-force attacks.

In CBC mode, the IV ensures that identical plaintext blocks encrypt differently. Reusing the same IV with the same key leaks information about repeating patterns. Always use a fresh, random 16-byte IV (32 hex chars) for each encryption. The tool enforces exactly 32 hex characters.

You'll see a user-friendly error such as "Decryption failed: Invalid passphrase, IV, or ciphertext." Common causes: wrong passphrase, incorrect IV, corrupted base64, or extra spaces/line breaks during copy-paste. Double-check inputs exactly match what was used to encrypt.

Yes—after the initial page load, everything works offline. Ideal for secure environments or travel without reliable internet.

Yes—MIT licensed on GitHub. The single crypto logic file (src/lib/crypto.js) uses only standard Web Crypto API calls. Review it to confirm no hidden tracking or data exfiltration.

Base64 is compact, safe for copy-paste/email/text storage, and widely supported. It represents binary ciphertext accurately without encoding issues. You can convert to hex if needed using online tools or scripts.