What this tool is good for
Symmetric encryption uses the same secret key for encryption and decryption. It is usually faster than asymmetric encryption and is well suited to larger amounts of data, but the shared key must be protected carefully.
This page supports common symmetric algorithms including AES, TripleDES, Rabbit, RC4, and DES for quick browser-side testing, parameter checks, legacy-system compatibility work, and interoperability debugging.
How to use it
- Paste the plaintext you want to encrypt, or paste the ciphertext you need to decrypt.
- Choose AES, TripleDES, Rabbit, RC4, or DES, then confirm the mode, padding, and encoding options that match your workflow.
- Enter a passphrase, or provide the custom AES key and IV when you need exact compatibility with another system.
- Run encryption or decryption, then test the result in the opposite direction with the same settings.
AES notes
AES is one of the most widely used symmetric ciphers. The tool supports AES-128, AES-192, and AES-256. When you use the simple passphrase mode rather than custom key/IV input, the default behavior corresponds to AES-256-CBC.
openssl enc -aes-256-cbc -in infile -out outfile -pass pass:"Your Passphrase" -e -base64
Custom AES mode supports CBC, CFB, CTR, OFB, and ECB, together with common padding modes such as Pkcs7, Iso97971, AnsiX923, Iso10126, ZeroPadding, and NoPadding. ECB is included for compatibility work, but it is usually not an appropriate default for new designs because it can reveal data patterns.
Other supported ciphers
- DES: once a dominant encryption algorithm and a Federal Information Processing Standard, but its small key size makes it unsafe for modern new designs.
- TripleDES: applies DES three times to each block to increase effective key strength, but it is now mainly a legacy compatibility option.
- Rabbit: a high-performance stream cipher and an eSTREAM portfolio finalist, useful when you need to inspect Rabbit-compatible data.
- RC4: a classic stream cipher once used in popular protocols such as SSL and WEP; today it should normally be limited to legacy analysis and compatibility tests.
Common mistakes
- The key, IV, mode, and padding must match exactly between encryption and decryption.
- ECB does not use an IV, while modes such as CBC and CFB do, but that does not make ECB safer or simpler for production use.
- DES and RC4 are legacy choices and should usually be used only for compatibility testing.
- This page focuses on encryption and decryption compatibility checks, not on authenticated-encryption workflows such as AEAD designs.
- If tamper detection matters, pair the workflow with authenticated encryption or an integrity check such as HMAC.
FAQ
What is symmetric encryption best used for?
Symmetric encryption is best for protecting data when the same secret key can be used to encrypt and decrypt. It is common for files, messages, tokens, and local data protection.
How is symmetric encryption different from RSA?
Symmetric encryption uses one shared secret key. RSA uses a public/private key pair and is usually better for key exchange, small payloads, or signatures rather than large data encryption.
Why does decryption fail with the correct-looking key?
The algorithm, mode, IV, nonce, padding, encoding, or authentication tag may not match the original encryption settings. All parameters must match exactly.
Related tools
- ChaCha20 Encrypt & Decrypt:Encrypt and decrypt data with ChaCha20
- RSA Encryption & Decryption:Encrypt and decrypt short text with RSA in your browser