Browser-Native Secure Text Encryption
Salty makes it easy to send strongly-encrypted messages with a shared key. It provides encryption capabilities via the browser's Web Crypto API, and the resulting text is encoded with basE91 for portability.
Salty doesn't store or process messages on the server. All encryption and decryption happens in your browser, and only the encrypted text is transmitted. Use strong, unique keys and share them through secure channels.
Salty uses AES-256-GCM authenticated encryption, with keys derived from your passphrase via PBKDF2-HMAC-SHA-512 at 600,000 iterations. Ciphertext is encoded with basE91 for compact, copy-paste-friendly transport. The crypto runs entirely in your browser via the Web Crypto API; the server (Cloudflare Workers) only sees what you've already encrypted.
Salty is post-quantum-acceptable today by construction. AES-256
retains roughly 128-bit effective security under Grover's
algorithm (still safe per NIST guidance); PBKDF2-SHA-512 is hash-
based and PQ-resistant; and there is no asymmetric cryptography in
the application for Shor's algorithm to attack. The TLS
connection between your browser and salty.esolia.co.jp is also
post-quantum protected — Cloudflare's edge auto-negotiates the
X25519MLKEM768 hybrid key encapsulation with PQ-capable
browsers (Chrome 124+, Firefox 132+, Edge).
Salty is developed and maintained by eSolia Inc. and is open-sourced on GitHub under the MIT License.
Concept, basE91 encoding/decoding and crypto functions adapted from Adam Newbold's Salty (https://salty.neatnik.net/).
8-128 characters
Exclude symbols that are hard to type on mobile
Scan this QR code to open the encrypted message on another device. The key will still be required for decryption.
Browser-Native Secure Text Encryption
Salty makes it easy to send strongly-encrypted messages with a shared
key.
It provides encryption capabilities via the browser's Web
Crypto API, and the resulting text is encoded with basE91 for
portability.