My Tools Garage

XOR Cipher

Encrypt and decrypt text with a repeating-key XOR.

in-browser

How to use

  1. 1 Choose Encrypt or Decrypt and pick the encoding (hex or base64).
  2. 2 Type or paste your secret key.
  3. 3 Enter the plain text to encrypt, or the encoded ciphertext to decrypt.
  4. 4 Read the result and copy it.

About XOR Cipher

The XOR Cipher tool applies the classic exclusive-or operation between your message and a repeating secret key.

Because XOR is its own inverse, the very same operation both scrambles and unscrambles text: encrypt with a key, then decrypt with the same key, and you get the original message back.

It is one of the simplest building blocks in cryptography and a great way to understand how stream ciphers and one-time pads work under the hood.

Your text is first encoded as UTF-8 bytes, then each byte is XORed against the corresponding byte of the key, cycling through the key as needed.

Raw XOR output contains arbitrary bytes that would not survive copy and paste, so the result is presented as either lowercase hexadecimal or base64 — pick whichever you prefer and use the matching setting when decrypting.

Unicode is handled correctly, so emoji and non-Latin scripts round-trip cleanly.

A word on security: repeating-key XOR is wonderful for teaching, puzzles, CTF challenges and light obfuscation, but it is trivially breakable with frequency analysis when the key is short or reused, so it is not a replacement for vetted algorithms like AES.

Everything here runs locally in your browser — keys and messages are never transmitted or stored — making it safe to experiment with sensitive sample text while you learn how the operation behaves.

FAQ

Why does the output look like hex or base64 instead of text?

XOR can produce non-printable bytes. Encoding the result as hex or base64 makes it safe to copy and paste. Use the same encoding setting when decrypting.

Is XOR encryption secure?

Repeating-key XOR is easily broken with frequency analysis, especially with short or reused keys. Use it for learning and obfuscation, not for protecting real secrets — choose AES for that.

Does the same key always reverse the operation?

Yes. XOR is symmetric: encrypting and then decrypting with the identical key and encoding returns the exact original text.