Is my note sent to any server?

No. Encryption runs entirely in your browser. The encrypted ciphertext is embedded in the URL. The decryption key is in the URL fragment (after #) which browsers never include in HTTP requests — so this server never sees either your note or your key.

How long is the shareable link valid?

The link contains the encrypted data itself, so it never expires. However, if you want to revoke access, you cannot — once shared, anyone with the link can decrypt it. Treat the link like the note itself.

What does the optional passphrase do?

Without a passphrase, a random 256-bit key is generated and embedded in the link. With a passphrase, the key is derived from that passphrase using PBKDF2. The recipient must enter the same passphrase — providing an extra layer of security in case the link is intercepted.

Can I send sensitive passwords or API keys this way?

Yes — AES-256-GCM is cryptographically secure for this purpose. However, ensure you share the link through a secure channel (Signal, encrypted email) and not via plain text email or SMS.

🔒

Secure Note Sharer

Encrypt a private note with AES-256 and share it via a secure link. The note is decrypted in the recipient's browser — your text never leaves your device unencrypted.

🔒 Security Tools Free Browser-based

Tool

End-to-end encrypted. Your note is encrypted with AES-256-GCM in your browser. The decryption key is embedded in the link after the # symbol — it is never sent to any server.

Your Secret Note

Optional Passphrase

If you set a passphrase, the recipient must enter it to decrypt the note.

Paste Encrypted Link or Data

How Encryption Works

Your note is encrypted with AES-256-GCM — the gold-standard symmetric cipher. A random 256-bit key is generated for each note. The encrypted ciphertext is encoded as Base64 and embedded in the URL. The decryption key is placed in the URL fragment (after the #) which browsers never send to servers — so neither this site nor any intermediary can read your note.

Security Properties

Property	Detail
Cipher	AES-256-GCM (authenticated encryption)
Key derivation	PBKDF2 with SHA-256 (when passphrase used)
Key size	256 bits
Server access	None — key never sent to server
Tamper detection	Yes — GCM authentication tag

Limitations

The encrypted note is stored in the URL itself, which means it travels wherever the link goes. The link does not self-destruct — once created, anyone with the link can decrypt it until it is deleted from the recipient's browser history. For truly ephemeral notes, use a server-side one-time-secret service.

Secure Note Sharer

How Encryption Works

Security Properties

Limitations

Frequently Asked Questions