Skip to content
Marvin's Toolbox.

Search tools

Type to filter all tools

File Encryptor & Decryptor

Encrypt any file with a password using AES-256-GCM, or decrypt a file that was encrypted here. Strong key derivation and integrity protection built in.

Everything runs locally in your browser. Your data never leaves your device.

File

Drop the file to encrypt, or a .enc file to decrypt

Any file type works. Click to choose one.

Up to 1 GB.

Password

Add a file first.

There is no password recovery. If the password is lost, the file's contents are gone for good.

Next steps

Send this tool's output straight into another tool.

Hash text or a file with MD5, SHA-1, SHA-256, SHA-512, SHA-3, BLAKE2, BLAKE3, CRC32 and more, all computed live as you type. Compare against an expected checksum and copy any digest.

Verify a checksum online: drop a file, paste the expected checksum and see instantly whether they match. The hash type is detected from the checksum itself, covering MD5, SHA-1, SHA-256, SHA-512, BLAKE3, CRC-32 and more, and sha256sum lines or whole checksum files can be pasted as-is.

Compress text or a file with gzip, deflate, brotli or Zstandard and see the size before and after, the compression ratio and how long it took. One click tries every method and recommends the smallest result.

Decompress gzip, deflate, brotli or Zstandard data from a file or pasted Base64 and read the result as text or download it. Detects the format from the magic bytes where possible, with a manual override.

Inspect any file or text as a hex dump with offsets, byte values and an ASCII column. Jump to an offset, search for bytes or text, select a range to see it decoded as integers and strings, and copy or download the dump.

Encrypt any file with a password using AES-256-GCM, or decrypt a file that was encrypted here. Strong key derivation and integrity protection built in.

About the File Encryptor & Decryptor Tool

This tool locks any file behind a password and unlocks it again. Encryption uses AES-256-GCM, the key comes from your password through 600,000 rounds of PBKDF2-SHA-256, and the result is a single portable .enc file you can store or send anywhere.

Drop a file in and the right mode is picked for you. A fresh file opens in Encrypt, a file made here is recognized by its marker bytes and opens in Decrypt. The original file name and type travel inside the encrypted data, so decrypting gives you back the file exactly as it was, name included.

What you can do

  • Encrypt a file with a password before uploading it to cloud storage.
  • Password protect a document, photo or archive you want to email.
  • Decrypt a .enc file made with this tool and restore its original name.
  • Check the strength of your password before you commit to it.
  • Verify on decryption that the file was not tampered with or corrupted.

How to use the File Encryptor & Decryptor

  1. 1Drop the file in, or pick it with a click. Encrypt or Decrypt is selected from the file itself.
  2. 2Type the password. When encrypting, confirm it and check the strength meter.
  3. 3Press Encrypt or Decrypt and wait a moment while the key is derived.
  4. 4Download the result, either the .enc file or the restored original.

How the .enc file is built

Every encrypted file starts with the marker MJWENC and a format version, followed by the key derivation settings, a random 16-byte salt and a random 12-byte nonce. After that comes the AES-256-GCM ciphertext with its authentication tag. The iteration count is stored in the file, so files encrypted today stay decryptable even after the default goes up.

The original file name and MIME type are encrypted along with the content, never written in cleartext. An encrypted file reveals nothing about what it holds beyond its size, and decrypting restores the file under its original name.

Only files from this tool can be decrypted here

The .enc container is this tool's own format. Files encrypted by other programs, like GPG files, encrypted ZIP archives or VeraCrypt volumes, use different formats and cannot be opened here. The tool checks the marker bytes up front and tells you right away when a file was not encrypted with it.

The other direction always works: a .enc file made here can be decrypted here anytime, on any device, as long as you have the password.

Wrong password and damaged files

AES-GCM authenticates what it decrypts. If a single byte of the file was changed, or the password is wrong, decryption fails cleanly instead of producing garbage. The format cannot tell those two cases apart, that is a property of authenticated encryption, so the error names both. When decryption succeeds, the content is guaranteed to be exactly what was encrypted.

There is no password recovery, no backdoor and no reset. If the password is lost, the content is gone. Pick a password you can keep, the Password Generator can make you a strong one, and its passphrase mode makes ones you can actually remember.

Hash a password with bcrypt or Argon2 and verify a password against an existing hash. Tune the cost factor, memory, iterations and parallelism, see how long the hash takes, and read the parsed parts of any hash you paste.

Verify a checksum online: drop a file, paste the expected checksum and see instantly whether they match. The hash type is detected from the checksum itself, covering MD5, SHA-1, SHA-256, SHA-512, BLAKE3, CRC-32 and more, and sha256sum lines or whole checksum files can be pasted as-is.

Hash text or a file with MD5, SHA-1, SHA-256, SHA-512, SHA-3, BLAKE2, BLAKE3, CRC32 and more, all computed live as you type. Compare against an expected checksum and copy any digest.

Paste a JSON Web Token to see its header and payload as formatted JSON, with the token color coded so each part maps to its output. Explains the registered claims, shows expiry as readable dates, flags expired tokens and can verify the signature with a secret or public key.

Strip the sensitive bits out of a log or any text before sharing it: emails, IP and MAC addresses, file paths, UUIDs, timestamps, URLs, tokens and more. Pick what to redact and how it is replaced, with stars, a fixed character, a type label or a length-preserving mask.

Generate strong random passwords with full control over length, character sets, symbols and ambiguous characters, or build word-based passphrases. Shows the entropy and a crack time estimate for every result, and can produce a whole batch at once.