What this tool is good for
ChaCha20 is a modern stream cipher designed by Daniel J. Bernstein. It is derived from Salsa20 and is known for strong diffusion and practical performance.
This page lets you encrypt and decrypt payloads with ChaCha20 using UTF-8, Base64, or Hex inputs, which is useful for protocol debugging and implementation checks.
Key and nonce requirements
- The key must be 32 bytes long.
- The nonce must be either 8 bytes or 12 bytes long.
- Input, key, and nonce can each be provided as UTF-8, Base64, or Hex.
- A nonce must not be reused with the same key, because nonce reuse breaks ChaCha20 confidentiality guarantees.
How to use it
- Enter the plaintext or ciphertext and choose its encoding.
- Provide the key and nonce with the correct byte length.
- Choose the output encoding and run encryption or decryption.
- Use the random-fill shortcut when you need quick test values for key and nonce, but follow your upstream system's nonce generation rules for real integrations.
Practical notes
- ChaCha20 provides encryption, but it does not by itself authenticate the ciphertext or associated metadata.
- If a protocol expects authenticated encryption, use the exact construction required by that protocol instead of assuming raw ChaCha20 is sufficient.
FAQ
What is ChaCha20 used for?
ChaCha20 is a modern stream cipher used to encrypt data efficiently, especially in environments where fast software performance is important.
Why must the nonce be unique for ChaCha20?
Reusing the same key and nonce can reveal relationships between plaintexts and seriously weaken security. Always generate a fresh nonce for each encryption operation.
What is the difference between ChaCha20 and ChaCha20-Poly1305?
ChaCha20 encrypts data, while ChaCha20-Poly1305 also authenticates it. When possible, prefer an authenticated encryption mode so tampering can be detected during decryption.
Related tools
- Symmetric Encrypt/Decrypt:Encrypt and decrypt with AES, TripleDES, Rabbit, and RC4