Web Cipher


  1. Paste your document in the "Content" box.
  2. Choose a good key (password) and enter it into the "Key" box. This key will not be recoverable, so remember it!
  3. After clicking Protect Document, save the generated Web Cipher code as an HTML document (*.html).
  4. Download cipher.js (see Before you use).
  5. You can use the Encipher and Decipher buttons to perform encryption/decryption alone. Read the documentation for more help.
Script source
Open in new window


Web Cipher is a client-side, cryptographically secure document encryption technology. It allows even an inexperienced web author to establish virtually uncrackable safety measures on confidential data. Web Cipher is also fast, substantially overcoming the problem of speed in browser-based cryptology. It averages almost 15K per second in real-world tests on an iMac 333 MHz computer, much faster than similar utilities.

Also see

  1. Before you use
  2. Choosing a good key
  3. How it works
  4. Disclaimer
  5. Test page (the key is cipher123)


What the controls mean What the buttons do Before you use Choosing a good key How it works Disclaimer Up to top

What the controls mean

Script source
The default value of the script source is 'cipher.js'. For a Web Cipher document to work, you'll need the cipher.js file in the location specified in this box. What this usually means is that you'll put it in the same directory/folder as your Web Cipher protected document. Advanced users may wish to change this, however. See Before you use.
This control is at the heart of the encryption process. Your key functions as a password to your data, blocking unauthorized access. Read Choosing a good key.
Open in new window
When you click View/Extract Document, the original source is shown in your browser. This option is used to control whether it displays in the original browser window or a popup.

What the buttons do

Each of the buttons performs a specific function. When the action is complete the text in the Content box changes. Progress is shown in the status bar.

This performs the encryption process on your data. By using this function alone you can use the security of Web Cipher for other purposes.
This is the reverse of Encipher. Enter the key, then click Decipher to decrypt an encrypted Web Cipher message.
Protect Document
Clicking this will encrypt your data and wrap it inside of a stand-alone HTML document ready to be uploaded to the Web. Read the instructions for more information.
View/Extract Document
Clicking this will remove the HTML wrapper from a Web Cipher document, and attempt to decrypt it. If successful it will show the original source in the Content box as well as in your browser window. It acts as a sort of decoder and/or preview.

Before you use

You will need the script file cipher.js in order to use Web Cipher. The generated HTML page will reference this file according to the entry in the "Script source" box. If you are going to be using Web Cipher on numerous documents, it would be smart to store the script file in one place (e.g. /cipher.js), and change the "Script source" to reflect that location.

  1. Avoid unnecessary encryption! Encryption is a drastic and very unfriendly thing to do. Please think carefully before you use it.
  2. Test your pages. Some browsers don't support the scripts necessary for Web Cipher. Others have *bugs* that interfere with the encryption of certain characters. In order for Web Cipher to work, you must use a browser that doesn't have this problem, or use entity references for those characters.

Choosing a good key

A key is the lock on your data. The security of the lock is based ultimately on your choice of key. Using a repetitive key (like '----') or an easily guessed one (like your mother's maiden name) can defeat even the best encryption technique.

  1. The longer the better. (At least if you remember it!)
  2. Be unusual. Don't use common words or typical things (like your pet's name) for the key.
  3. Arbitrary is good. The best keys are based on essentially random data. If possible, use a something totally irrelevant for the key, or better yet, think of about 10-15 random letters/numbers/symbols for each key.
  4. Don't use the same key all the time! If you do, it'll take just one break to break everything. Change keys as often as possible.

How it works

The document is broken into 64-byte segments. Each segment is enciphered using a 1-byte random salt combined with your key. Additionally, each byte is converted to base-16 to ensure the returning of transfer-safe values. An eight-bit checksum of the password is stored to reduce the hassle of entering the wrong key.

o = output string
c = input string
k = key string
l = length of string
n = character number
r = salt

o[0..l-1] = c[0..l-1] ^ r ^ k[n % l]


Web Cipher is offered as is, without warranty. Use at your own risk.

Based on JavaScript by Joseph Myers, e_mayilme@hotmail.com.

Documentation Up to top