Security & Crypto Tools
Generate hashes, build HMACs, decode certificates and test password strength — all computed locally with the Web Crypto API. Because nothing leaves your browser, these are safe to use with sensitive input.
-
SSL Certificate Decoder
Decode an X.509 / SSL certificate from PEM and read its subject, issuer, validity, SANs, key details and fingerprints. Runs entirely in your browser.
-
Certificate to CSR
Paste a PEM certificate to generate an OpenSSL command that creates a matching CSR (with a new private key), reusing the subject and SANs. Runs in your browser.
-
Password Generator
Generate strong, random passwords in your browser — choose length, symbols and numbers, with a live strength meter. Nothing is uploaded.
-
Password Strength Checker
Check how strong your password is and how long it would take to crack. See its entropy, weaknesses and tips to improve it — entirely in your browser, never uploaded.
-
Hash Generator
Generate SHA-1, SHA-256, SHA-384 and SHA-512 hashes of text or a file, live, using your browser's Web Crypto API. Private and offline — nothing is uploaded.
-
HMAC Generator
Generate an HMAC (hash-based message authentication code) from a message and secret key using SHA-1, SHA-256, SHA-384 or SHA-512. Hex or Base64 output, computed in your browser.
-
AES Text Encryption
Encrypt and decrypt text with a password using AES-256-GCM, right in your browser. Strong, standards-based encryption with a PBKDF2-derived key — nothing is uploaded.
-
TOTP Generator
Generate time-based one-time passwords (TOTP) from a Base32 secret — the same 2FA codes as Google Authenticator and Authy. Live countdown, SHA-1/256/512 and 6/8 digits, all in your browser.
-
.htpasswd Generator
Generate .htpasswd entries for Apache and nginx basic authentication — bcrypt, Apache MD5 (apr1) or SHA-1. Username and password are hashed entirely in your browser, never uploaded.