CipherVault

Secret Key — auto-embedded in output

Generating...

Your Identity — embedded in message

Your name (sent with every message)

ⓘ Your name is encrypted inside the message. The recipient will see it when they decrypt.

Plaintext Message

Enter message to encrypt

Ciphertext Input

Paste encrypted hex string

Algorithm Overview

CipherVault uses a custom symmetric XOR cipher with position-based transformations. Every encrypted output is self-contained — the secret key is encrypted and embedded inside the ciphertext itself, so no separate key distribution is needed.

Core Transform Function

For each character at position i in the input string:

encryptedByte = charCode(input[i]) XOR charCode(key[i mod keyLen]) XOR ((i × 7) AND 0xFF)

The XOR key[i mod keyLen] term provides the base cipher strength. The (i × 7) mod 256 position term ensures identical plaintext characters at different positions always produce different ciphertext bytes — defeating simple frequency analysis.

Decryption is identical: XOR is its own inverse, so applying the same transform with the same key and position recovers the original byte.

Encryption Steps

Generate a 64-character cryptographically random key using crypto.getRandomValues() drawing from uppercase, lowercase, digits, and !@#$%^&* symbols.

Encode the key length as a 4-character hex prefix (e.g. 0040 for 64 chars), supporting keys up to 65,535 characters.

Encrypt the key string itself using the same XOR transform with a seed derived from the key (sum of char codes mod 256, expanded to 16 bytes). Append as hex after the length prefix.

Encrypt the plaintext message using the actual key. Append as hex. The final ciphertext is: [4 hex: keyLen][keyLen×2 hex: encKey][msgLen×2 hex: encMsg]

Each byte is output as a 2-digit hex string — safe for text transmission, clipboard, and storage with no binary encoding issues.

Decryption Steps

Read first 4 hex chars → parse integer → recover key length L.

Extract next L × 2 hex chars → convert to bytes. Brute-force the 256 possible seed bytes to find the one that decrypts to a valid key string (all characters from the known alphabet), verified via seed-byte cross-check.

Use the recovered key to decrypt the remaining hex payload, restoring the original plaintext message byte by byte.

Security Properties

🔑 Each message uses a fresh 64-char cryptographic random key
📍 Position mixing prevents identical-plaintext pattern leaks
📦 Self-contained format — no key transport needed
💻 All computation runs 100% locally in your browser — zero network requests
🚫 No dependencies, no tracking, no storage

Owner Access — Restricted

This panel is restricted to the vault owner. Enter the owner code to view the activity log.

Owner Code