Hosted by on (This page can be used off-line
by saving this page as a standalone
.html file
SJCL Standalone Tool

SJCL Standalone AES [Advanced Encryption Standard] Tool

This page is a demo of the Stanford Javascript Crypto Library hosted by for educational purposes, along side other open-source cryptography utilities. To get started, just type in a password in the left password pane and the plaintext message in the middle plaintext pane, then click "encrypt". Encryption takes place in your browser locally using inline javascript commands so that the plaintext data is only viewed locally as well as the resulting ciphertext after successful encryption. The SJCL Tool has lots of other advanced options, many of which are shown in the "Key Derivation" and "Cipher Parameters" boxes below.


Choose a strong, random password.

Key Derivation


Salt adds more variability to your key, and prevents attackers from using rainbow tables to attack it.

Strengthening makes it slower to compute the key corresponding to your password. This makes it take much longer for an attacker to guess it.

128 bits should be secure enough, but you can generate a longer key if you wish.

This key is computed from your password, salt and strengthening factor. It will be used internally by the cipher. Instead of using a password, you can enter a key here directly. If you do, it should be 32, 48 or 64 hexadecimal digits (128, 192 or 256 bits).

Cipher Parameters

SJCL encrypts your data with the AES block cipher.

Cipher mode:

The cipher mode is a standard for how to use AES and other algorithms to encrypt and authenticate your message. OCB2 mode is slightly faster and has more features, but CCM mode has wider support because it is not patented.


The IV needs to be different for every message you send. It adds randomness to your message, so that the same message will look different each time you send it.

Be careful: CCM mode doesn't use the whole IV, so changing just part of it isn't enough.

SJCL adds a an authentication tag to your message to make sure nobody changes it. The longer the authentication tag, the harder it is for somebody to change your encrypted message without you noticing. 64 bits is probably enough.

These parameters are required to decrypt your message later. If the person you're sending the message to knows them, you don't need to send them so your message will be shorter.

Default parameters won't be sent. Your password won't be sent, either. The salt and iv will be encoded in base64 instead of hex, so they'll look different from what's in the box.


This message will be encrypted, so that nobody can read it or change it without your password.
This auxilliary message isn't secret, but its integrity will be checked along with the integrity of the message.


Your message, encrypted and authenticated so that nobody can read it or change it without your password.

This version of the SJCL demo has been modifed by to work as a off-line internet-less application
by saving this page as a standalone .html file. The original version can be found on Github.