About


CryptoTools.net is a suite of cryptographic utilities designed for ease of use and client-side-only calculations. With tools for AES, hashing, OTP, and more, CryptoTools.net offers quick and easy access to much of the same functionality as OpenSSL and other command-line utilities. All operations take place client side, so no data is ever sent to the server.

Use Cases

While each of these tools serves a single function, they can be used in combination with each other or with other applications to achieve a desired goal.

End-to-End Messaging with Forward Secrecy

Two parties could use a shared key with the AES tool to exchange encrypted messages, but they risk their conversation being decrypted should an adversary ever obtain the key. However, the two parties could use the HMAC Calculator and the Diffie-Hellman Key Exchange tools to achieve forward secrecy with session key integrity. Here's how:

  1. Establish a pre-shared integrity key between you and your partner. This needs to be done in-person or over some other medium you trust. This key is only used for session key exchange integrity, not the actual encryption of message data. The rest of your communication can be over an untrusted medium.
  2. Open the Diffie-Hellman Key Exchange (DHE) tool and obtain your public key. Copy it to the Input field of the HMAC Calculator and use your pre-shared integrity key as the HMAC key. Send both your public key and the SHA-256 (or other agreed-upon algorithm's) output to your partner.
  3. Obtain the likewise generated information from your partner, paste their public key into the HMAC Input field, and verify that their SHA-256 value matches the output that you calculated. If it does, paste their public key into the Partner Public Key field in the DHE tool. You will then have calculated a shared secret. Your partner should have followed these same steps and calculated the exact same shared secret.
  4. Copy the shared secret into the Key field of the AES String Encryption & Decryption tool. You are then free to encrypt and decrypt messages to and from your partner and send them over untrusted media.
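
The four steps above as an added Node.js example (not code from CryptoTools.net). It assumes ECDH on P-256 in place of the site's DHE group, SHA-256 to turn the shared secret into an AES-256-GCM key, and a constructed integrity key; all function names are hypothetical.

```javascript
const crypto = require('node:crypto');

// HMAC-SHA-256 over the hex public key, keyed with the pre-shared integrity key (step 1).
const hmacTag = (integrityKey, publicKeyHex) =>
  crypto.createHmac('sha256', integrityKey).update(publicKeyHex).digest();

// Step 2: a fresh key pair per session (this is what gives forward secrecy) plus its tag.
// Assumption: ECDH on P-256 stands in for whatever group the site's DHE tool uses.
function makeOffer(integrityKey) {
  const dh = crypto.createECDH('prime256v1');
  const publicKey = dh.generateKeys('hex');
  return { dh, publicKey, tag: hmacTag(integrityKey, publicKey).toString('hex') };
}

// Step 3: refuse the partner's public key unless its tag verifies, then derive the secret.
function acceptOffer(dh, peerPublicKey, peerTag, integrityKey) {
  const expected = hmacTag(integrityKey, peerPublicKey);
  const received = Buffer.from(peerTag, 'hex');
  if (received.length !== expected.length || !crypto.timingSafeEqual(received, expected)) {
    throw new Error('HMAC mismatch: reject this public key');
  }
  return dh.computeSecret(peerPublicKey, 'hex');
}

// Step 4: AES-256-GCM under a key hashed from the shared secret.
// Assumption: SHA-256 as the key derivation; the page pastes the secret into the AES tool.
const aesKey = (secret) => crypto.createHash('sha256').update(secret).digest();

function encrypt(secret, text) {
  const iv = crypto.randomBytes(12); // never reuse an IV under the same key
  const c = crypto.createCipheriv('aes-256-gcm', aesKey(secret), iv);
  const ct = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  return { iv, ct, authTag: c.getAuthTag() };
}

function decrypt(secret, { iv, ct, authTag }) {
  const d = crypto.createDecipheriv('aes-256-gcm', aesKey(secret), iv);
  d.setAuthTag(authTag);
  return Buffer.concat([d.update(ct), d.final()]).toString('utf8');
}

// Constructed demo: both parties hold the same integrity key and exchange offers.
function demo() {
  const psk = 'constructed-integrity-key';
  const alice = makeOffer(psk), bob = makeOffer(psk);
  const sA = acceptOffer(alice.dh, bob.publicKey, bob.tag, psk);
  const sB = acceptOffer(bob.dh, alice.publicKey, alice.tag, psk);
  return { match: sA.equals(sB), roundTrip: decrypt(sB, encrypt(sA, 'hello')) };
}
```

A public key whose tag does not verify under the integrity key is rejected before any shared secret is computed, which is the check step 3 performs by hand.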

OTP Secret Restoration for Authenticator App

When you enable multi-factor authentication (MFA) on various web apps, it is generally a good idea to back up the secret key issued by the server. If you've done that and lost a website's entry in your authenticator app (e.g., Google Authenticator), you can easily restore it by visiting the One-Time Password Calculator tool, pasting your saved secret key into the Secret field, and entering a name in the QR Code Account field. Scan the code into your authenticator app and you're back in business! The timed calculated result should match what shows up on your phone.