Authenticated encryption combining the ChaCha20 stream cipher with the Poly1305 MAC. Every ciphertext includes a 16-byte authentication tag.
Encrypt and decrypt data using the ChaCha20-Poly1305 AEAD cipher. Requires a 256-bit key (64 hex chars) and a 96-bit nonce (24 hex chars). Authenticated encryption with optional AAD. No data is uploaded.
ChaCha20-Poly1305 is a modern authenticated encryption with associated data (AEAD) cipher designed by Daniel J. Bernstein. ChaCha20 is a 256-bit stream cipher that is faster than AES on processors without dedicated AES hardware instructions. Poly1305 is a message authentication code that detects tampering. Together they provide confidentiality, integrity, and authenticity. ChaCha20-Poly1305 is used in TLS 1.3, QUIC, WireGuard VPN, and many modern cryptographic applications. It is preferred over AES-GCM on mobile and embedded devices.
Input:
Key: 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
Nonce: 000000000000000000000000
Plaintext: Hello World
Output:
Encrypted (Base64): a2FzZGY... (varies - includes auth tag)
What is the difference between ChaCha20 and ChaCha20-Poly1305?
ChaCha20 is the stream cipher component that encrypts data. Poly1305 is the message authentication code that detects tampering with the ciphertext. ChaCha20-Poly1305 combines both into an AEAD scheme that simultaneously provides encryption and authentication. This tool uses the combined AEAD variant, which is what TLS 1.3 and WireGuard use.
What is a nonce and why must it never be reused?
A nonce (number used once) is a 96-bit random value used alongside the key to initialize the cipher. If you encrypt two different messages with the same key AND the same nonce, an attacker can XOR the two ciphertexts together to cancel the keystream, revealing information about both plaintexts. Always generate a fresh random nonce for each encryption operation.
What is AAD (Additional Authenticated Data)?
AAD is data that is authenticated but not encrypted. It is mixed into the Poly1305 authentication tag computation. This allows headers, metadata, or routing information to be validated alongside the encrypted payload without encrypting them. If AAD is modified in transit, decryption will fail with an authentication error.
Why is ChaCha20 preferred over AES on mobile?
AES is fastest on processors with AES-NI hardware acceleration (modern x86 CPUs). ARM processors in mobile and IoT devices often lack AES-NI, making software AES slower. ChaCha20 is designed to be fast in software on any platform. Google adopted ChaCha20-Poly1305 in TLS for Android devices for this reason.
What happens if decryption fails?
If the key, nonce, or AAD does not match what was used during encryption, the Poly1305 tag verification fails and the tool throws an authentication error. This is a critical security feature - it prevents decryption of tampered or corrupted ciphertext and ensures you can trust the decrypted output.
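The nonce, AAD and decryption-failure answers above, as one runnable Node.js sketch. This is an added example, not this tool's own code. The function names, the AAD string and the second nonce are constructed for illustration; the key and nonce are the sample values from the Input example and are for testing only.

```javascript
// Added example, not the tool's code. Uses only Node's built-in crypto module.
const crypto = require("node:crypto");
const TAG_LEN = 16; // Poly1305 tag size in bytes

// Returns ciphertext || 16-byte tag. The AAD is authenticated, not encrypted.
function encryptAead(key, nonce, plaintext, aad = Buffer.alloc(0)) {
  const c = crypto.createCipheriv("chacha20-poly1305", key, nonce, { authTagLength: TAG_LEN });
  if (aad.length > 0) c.setAAD(aad);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([body, c.getAuthTag()]);
}

// Returns the plaintext, or null when the tag does not verify.
function decryptAead(key, nonce, sealed, aad = Buffer.alloc(0)) {
  if (sealed.length < TAG_LEN) return null; // too short to contain a tag
  const body = sealed.subarray(0, sealed.length - TAG_LEN);
  const d = crypto.createDecipheriv("chacha20-poly1305", key, nonce, { authTagLength: TAG_LEN });
  if (aad.length > 0) d.setAAD(aad);
  d.setAuthTag(sealed.subarray(sealed.length - TAG_LEN));
  try {
    return Buffer.concat([d.update(body), d.final()]);
  } catch {
    return null; // authentication error: discard any partial output
  }
}

const xor = (a, b) => Buffer.from(Uint8Array.from(a, (v, i) => v ^ b[i]));

// True when ct1 XOR ct2 equals p1 XOR p2 (equal-length inputs), i.e. the
// keystream cancelled. Expected only when n1 and n2 are the same nonce.
function keystreamCancels(key, n1, n2, p1, p2) {
  const c1 = encryptAead(key, n1, p1).subarray(0, p1.length);
  const c2 = encryptAead(key, n2, p2).subarray(0, p2.length);
  return xor(c1, c2).equals(xor(p1, p2));
}

// Sample key and nonce from this page's Input example; the rest is constructed.
const key = Buffer.from("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", "hex");
const nonce = Buffer.from("000000000000000000000000", "hex");
const nonce2 = Buffer.from("000000000000000000000001", "hex");
const aad = Buffer.from("v1|record-42");
const msg = Buffer.from("Hello World");
const sealed = encryptAead(key, nonce, msg, aad);
console.log(sealed.length, decryptAead(key, nonce, sealed, aad).toString());
console.log(decryptAead(key, nonce, sealed, Buffer.from("v1|record-43")));
console.log(keystreamCancels(key, nonce, nonce, msg, Buffer.from("HELLO WORLD")));
console.log(keystreamCancels(key, nonce, nonce2, msg, Buffer.from("HELLO WORLD")));
```

Callers should treat a null return as a hard failure and never fall back to unauthenticated output.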