Conseal logo Conseal logo CONSEAL
GitHub

Live Demo

Encrypt text with a passcode using AES-256-GCM + PBKDF2 key wrapping.

Seal

Unseal

Encrypt or decrypt any file. The output is a .cnsl binary containing the original filename, salt, IV, wrapped key, and ciphertext.

Encrypt

📄
Drop a file or click to browse
Any file type — encrypted output is a .cnsl file

Decrypt

🔒
Drop a .cnsl file or click to browse
Produced by the Encrypt panel above

Generate an account key backed by a BIP-39 mnemonic. Seal a message, then recover the key from the mnemonic and unseal it — proving recovery works.

1

Create account

seal a message with the account key
2

Seal a message

lose the key — recover from mnemonic
3

Recover & unseal

Alice and Bob each have an ECDH key pair (for encryption) and an ECDSA key pair (for signing). Alice seals a message with Bob's public key and signs it with her private key. Bob verifies Alice's signature and decrypts with his private key.

Alice

Identity
Compose
sealed
+ signed

Bob

Identity
Received packet
ciphertext
iv
ephemeral pub
signature
sender Alice
No message received yet.

Generate an ECDSA P-256 key pair, sign a document with the private key, then verify the signature with the public key. Tamper with the document or signature to see verification fail.

1
Generate signing key pair
public key
private key stored in memory — never exported
2
Sign a document
algorithm ECDSA P-256 / SHA-256
signed over
signature

Change the passphrase protecting your account key. The key itself never changes — content sealed before the rekey is still decryptable with the new passphrase.

1

Create account key

now change the passphrase
2

Rekey

The AEK (account encryption key) stays the same. Only the wrapping changes — PBKDF2 runs twice: once to unwrap with the old passphrase, once to re-wrap with the new one.

verify old content still decrypts
3

Unseal with new passphrase

The message was sealed before the rekey. Unseal it now using only the new passphrase and the new wrapped key.

A 128-bit Secret Key is a second factor for AEK wrapping — neither the passphrase nor the Secret Key alone can unwrap the key. Mirrors 1Password's "Account Key" model.

1

Wrap with passphrase + Secret Key

A random 128-bit Secret Key is generated. The AEK is wrapped with both the passphrase and the Secret Key combined — PBKDF2 never sees the passphrase alone.

prove both factors are needed
2

Unlock with correct credentials

Using the same passphrase and Secret Key from step 1. Unwraps the AEK and decrypts the sealed message.

now try without the Secret Key
3

Attempt with wrong Secret Key

The correct passphrase is used, but a freshly generated (wrong) Secret Key replaces the real one. Even with the right passphrase, unwrapping must fail — the passphrase alone is not enough.

Generate or paste a JSON Web Key. The inspector validates it, decodes every field, and derives a SHA-256 fingerprint from the raw public point.

Key input