GabSoftware Crypto-Tools: A Free, Private Cryptography Toolbox That Runs Entirely in Your Browser

Need to encrypt a file, verify a digital signature, or inspect a JWT token? GabSoftware Crypto-Tools is a free, open toolbox that handles all of it — without ever sending your data to a server.

Privacy First, By Design

Most online crypto utilities are black boxes. You paste your secret key into a form, hit a button, and pray the server on the other end is not logging everything. Crypto-Tools takes a different approach: every computation runs locally in your browser using the built-in Web Crypto API. Your keys, plaintexts, and hashes never leave your machine. Close the tab and they are gone.

What Can You Do With It?

The toolbox covers a wide range of common cryptographic operations, grouped into dedicated tabs:

• AES Encryption — Encrypt and decrypt with AES-256 in GCM, CBC, CTR, or ECB mode. Full KDF support (PBKDF2 / Scrypt) built in.
• SHA Hashing — Compute SHA-256, SHA-384, or SHA-512 digests, with an optional comparison field.
• File Checksum — Drop a file, get its hash, and optionally download a .sha sidecar for distribution.
• HMAC — Sign and verify messages with HMAC-SHA-256/384/512.
• KDF (Key Derivation) — Derive keys from passwords with PBKDF2 or Scrypt (OWASP 2023 parameters by default).
• RSA-OAEP — Generate 4096-bit key pairs, encrypt, and decrypt. Keys export as standard SPKI/PKCS#8 PEM.
• ECDH & X25519 — Derive shared secrets with elliptic-curve Diffie-Hellman, with HKDF stretching and AES-GCM wrapping.
• ECDSA & Ed25519 — Generate key pairs, sign arbitrary data, and verify signatures.
• JWT / JWE / JWS — Decode and verify JSON Web Tokens, decrypt JWE payloads, and sign/verify JWS for arbitrary payloads including detached mode.
• JWK — Convert between JWK and PEM formats, and inspect key fields.
• PKCS#7 / CMS — Unpack certificate bundles and verify CMS SignedData (RSA PKCS1v1.5 and ECDSA).
• Key Inspector — Paste any PEM or DER key or certificate and get a human-readable breakdown of its fields.
• Encode / Decode — Convert between Base64, Hex, and UTF-8.
• Random Generator — Generate cryptographically secure hex strings, Base64 blobs, UUIDs, and EFF passphrases.
• Data URL — Encode and decode data: URIs for files and images.

Built on Modern Web Standards

There is no backend, no database, and no telemetry. The app is built with React 19 and Vite, and every cryptographic primitive comes straight from the browser’s native crypto.subtle API — the same engine your browser uses to secure HTTPS connections. This means the implementations are audited, hardware-accelerated where available, and not subject to the supply-chain risks that come with third-party crypto libraries.

Who Is It For?

Crypto-Tools is aimed at developers, security engineers, and technically curious users who need a quick and trustworthy way to:

• Prototype or test cryptographic workflows without writing code
• Inspect tokens, certificates, and keys from a production environment
• Generate secure keys and IVs for use in their own applications
• Verify signatures or checksums on received files
• Learn how modern cryptographic primitives work, interactively

Try It

The tool runs entirely in your browser: no installation, no account, no strings attached. Give it a try and let me know what you think in the comments below.