What's the difference between Personal and Studio?

Personal ($39) is for one person — unlimited use on one active device at a time. Activate on a new device and the old one signs out. Studio ($199) is for teams and commercial client work — unlimited team members, early access to new tools, and a commercial license.

Do I need an account?

No. Use any tool free up to 5 times per day on compute-heavier tools, and unlimited on lightweight ones. No card, no account, no signup required.

Where are my files processed?

Right on your device. Files never upload to any server. Everything runs in your browser — you can verify in DevTools → Network.

What happens if I use my Personal license on a second device?

The new device activates and the old device signs out. Your license key stays the same — you just move it between devices as needed. No limit on how often you switch.

Does this work on my phone?

Yes. Every tool works on iPhone, Android, tablet, and desktop.

What if I want a refund?

30-day money-back guarantee on both tiers. No questions asked. Email sales@cipherforces.com.

Will you add more tools?

Yes. New tools ship regularly. Your license includes every tool we ever release — Studio members get early access.

Defensive security utilities

Hash, encrypt, sign — without trusting anyone.

Security tools have the highest trust requirement of any category — you cannot use a tool whose maker can see your input. Every CipherForces security tool runs entirely in the browser via the Web Crypto API and pure JavaScript, with no server round-trip for the actual cryptographic work. Hash a password, encrypt a file with AES-256, generate HMAC signatures for webhook verification, decode a JWT, generate a strong password, check whether a password has been seen in known breaches (Have-I-Been-Pwned with k-anonymity), audit an SSL certificate. The HMAC Calculator has both a Generate mode and a Verify mode (Stripe webhook debugging is a one-shot operation), and signature comparison uses constant-time equality. The Encryption Tool uses AES-GCM with PBKDF2-derived keys (310k iterations) — same parameters as 1Password and Bitwarden. The Password Generator is local-only, never logged, never transmitted.

100% PrivateWorks Offline7 tools

Every tool in this category

7 security tools.

Email Obfuscator

Free unlimited

Hide your email address from spam scrapers using HTML entity, JavaScript, and reverse-string encoding.

Open tool

Encrypt & Decrypt

Encrypt text and files with AES-256. Decrypt with your password.

Open tool

File Checksum Verifier

Free unlimited

Verify file integrity by comparing SHA-256 checksums.

Open tool

Hash Generator

Free unlimited

Generate SHA-1, SHA-256, SHA-384, SHA-512 hashes for text and files.

Open tool

HMAC Calculator

Free unlimited

Generate or verify HMAC signatures (SHA-1, SHA-256, SHA-384, SHA-512). Built for webhook signature debugging.

Open tool

JWT Decoder

Free unlimited

Decode a JSON Web Token to inspect its header, payload, and expiry.

Open tool

SSL Certificate Checker

Free unlimited

Check any website's SSL certificate and security headers.

Open tool

Why these tools

Built for privacy, breadth, and speed.

Web Crypto API everywhere

Hash, HMAC, AES, key derivation — all use the browser's native crypto.subtle, which is hardware-accelerated, FIPS-validated on most platforms, and impossible to backdoor without subverting the browser itself.

k-anonymous breach checking

Breach Checker uses Have-I-Been-Pwned's k-anonymity API: only the first 5 characters of your password's SHA-1 hash leave your browser. The full password and its full hash never transmit.

Webhook signature debugging

HMAC Calculator has a dedicated Verify mode for Stripe / GitHub / Twilio / Slack webhook debugging. Paste payload, secret, and the received signature — get an immediate ✓match or ✗no-match with constant-time comparison.

No telemetry on cryptographic input

Tools in this category never log inputs. Click counts only. The password you generate, the file you encrypt, the JWT you decode — those stay on your device.

Common questions

People ask these things.

How do I check if my password has been breached?

Use the Breach Checker. It hashes your password locally with SHA-1, sends only the first 5 hex characters to the Have-I-Been-Pwned API, and compares the returned suffix list locally. Your full password (and its full hash) never transmit.

Can I encrypt a file in my browser?

Yes — Encryption Tool uses AES-256-GCM with PBKDF2 (310k iterations, SHA-256). Drop a file, set a password, download the .enc output. Same parameters that 1Password and Bitwarden use for their vaults.

How do I verify a webhook signature?

Use HMAC Calculator in Verify mode. Paste the raw payload, your endpoint secret, and the received signature header. The tool computes the expected signature locally, compares constant-time, returns match/no-match. Works for Stripe, GitHub, Twilio, Slack, Vercel, and any HMAC-SHA256 webhook.

Other tool categories

Explore more tools.

PDF Tools

23 tools — pdf

Image Tools

17 tools — image

Audio Tools

2 tools — audio

See every tool we ship.

84 browser-based tools across PDF, image, audio, developer, business, and security categories. All free for daily use; one-time license for unlimited.

Browse all tools See pricing

Hash, encrypt, sign — without trusting anyone.

100% PrivateWorks Offline7 tools