AES Encrypt / Decrypt
Encrypt or decrypt text with AES-GCM, deriving a key from a passphrase via PBKDF2 — all in your browser.
🔒 Encryption happens with SubtleCrypto in your browser. Passphrases never leave the device.
</>Use this tool programmaticallycurl · JavaScript · MCP
Same tool, callable from any HTTP client or from Claude (via MCP). Anonymous: 100 req/day per IP. Sign up for 1,000 req/day.
curl https://api.b-e-a-d.com/tools/aes-encrypt-decrypt/run \
-H "Content-Type: application/json" \
-d '{
"mode": "encrypt",
"passphrase": "a",
"input": "your input here"
}'const res = await fetch("https://api.b-e-a-d.com/tools/aes-encrypt-decrypt/run", {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({
"mode": "encrypt",
"passphrase": "a",
"input": "your input here"
}),
});
const data = await res.json();
console.log(data.result);# In Claude Desktop / Claude Code, add to your MCP config:
{
"mcpServers": {
"bead": {
"command": "npx",
"args": ["-y", "mcp-remote", "https://mcp.b-e-a-d.com"]
}
}
}
# Then ask Claude to call:
mcp__bead__bead_aes_encrypt_decryptFull reference: developer docs · OpenAPI spec
How it works
The passphrase is stretched with PBKDF2-SHA-256 (600,000 iterations) over a random 16-byte salt to derive a 256-bit AES key. Plaintext is encrypted with AES-GCM using a fresh 12-byte IV. Output is salt (16) ‖ iv (12) ‖ ciphertext+tag, Base64-encoded.
All of that happens in the browser via SubtleCrypto. The passphrase and plaintext never touch BEAD's servers.
Heads-up: a strong passphrase still matters. If you can guess it, an attacker can too. Use a generator — the password generator works well for this.
You might also like
- Base64 Encoder / DecoderEncode or decode Base64 strings instantly.
- Escape / UnescapeEscape or unescape strings for JSON, JavaScript, HTML attribute, XML, and SQL contexts.
- Hash GeneratorCompute SHA-1, SHA-256, SHA-384, and SHA-512 hashes from text or a file.
- HMAC CalculatorCompute HMAC-SHA1, SHA-256, SHA-384, or SHA-512 over a message and secret — for API signing or message auth.