Skip to content

Vigenere Cipher Decoder

Encrypt or decrypt classic Vigenere text with a known repeating A–Z key entirely in your browser.

Privacy: your files never leave your device. All processing happens locally in your browser.

How to use

  1. 1.Enter plaintext for encryption or ciphertext for decryption, up to 500,000 UTF-16 code units.
  2. 2.Enter a known key containing only ASCII letters A–Z, then choose Encrypt or Decrypt.
  3. 3.Run the transformation, copy the labeled result with its Copy button, and keep the exact key for reversal.

About Vigenere Cipher Decoder

Vigenere Cipher transforms text with the classic repeating-key polyalphabetic substitution method. Enter plaintext to encrypt or ciphertext to decrypt, provide a known key made only from ASCII letters A through Z, select a mode, and run the transformation. Everything happens locally in the current browser tab. No text or key is uploaded, no account is required, and the tool does not attempt to discover an unknown key. The implementation maps A through Z to values 0 through 25. Each key letter supplies a shift in the same range: A means zero, B means one, and Z means twenty-five. Encryption adds the current key shift to the current message letter modulo 26. Decryption subtracts the shift modulo 26. When the message contains more participating letters than the key, the key repeats from its beginning. This is the arithmetic equivalent of using a traditional Vigenere tableau. The scope is deliberately precise. Only ASCII uppercase A-Z and lowercase a-z are transformed. Uppercase input remains uppercase and lowercase input remains lowercase. Spaces, line breaks, digits, punctuation, emoji, accented letters, CJK characters, combining marks, and every other non-ASCII-letter code unit are copied exactly as entered. They do not advance the key. For example, punctuation between two letters does not consume a key character; the next ASCII letter uses the next key shift. This convention is stated in the interface and locked by tests so users do not have to guess how spacing changes alignment. Keys are case-insensitive: lemon and LEMON produce the same shifts. A key must be nonempty and contain ASCII letters only, with no spaces, digits, punctuation, accents, or symbols. The key length limit is 256 letters. Invalid or empty keys produce a direct error and no partial result. Editing the text, key, or mode immediately removes the previous output and error so an old ciphertext cannot remain visible after the inputs change. Clear removes text, key, output, and error together. The input limit is 500,000 JavaScript UTF-16 code units. Text exactly at the limit is transformed in full. Text above it is rejected as a whole with an explicit message; no prefix is silently processed or displayed as if complete. The counter uses UTF-16 code units because that is JavaScript string length and provides a predictable browser memory guard. This limit measurement is separate from the cipher alphabet: a supplementary emoji occupies two code units but remains unchanged and consumes no key letter. Production and isolated tests share the same validation and transformation functions. Nine external golden cases cover complete encryption and decryption examples from cryptography education sources, the well-known ATTACKATDAWN/LEMON pair, and forward and reverse alphabet wrap. Additional tests prove case preservation, lowercase-key normalization, punctuation and Unicode pass-through, nonletter key alignment, empty text behavior, invalid key categories, exact key and input boundaries, and encryption/decryption round trips on mixed text. The output is deterministic for the same text, key, mode, and stated alignment convention. This tool is not a solver, cracker, frequency-analysis utility, or key-recovery system. Decrypt mode requires the correct key. It does not test dictionaries, estimate key length, score possible plaintext, or claim that output is meaningful when the supplied key is wrong. It also does not implement autokey, Beaufort, variant Beaufort, running-key, tabula recta variants with different alphabets, Unicode alphabets, byte encryption, or locale-specific letter folding. Vigenere is historically important and useful for teaching modular arithmetic, polyalphabetic substitution, escape-room clues, classroom exercises, and recreational puzzles. It is not secure modern cryptography. Repeating keys leak statistical structure, and computers can analyze or try likely keys efficiently. Do not use this tool to protect passwords, authentication tokens, financial details, personal records, confidential messages, production secrets, or any data whose disclosure would matter. Use a maintained modern encryption system with authenticated encryption and appropriate key management for real security. The sources linked below document the repeating-key method, full worked examples, and the fact that the historical cipher can be broken. The tool labels its result as ciphertext or plaintext according to the selected operation, but those labels describe the requested transformation rather than verifying the meaning, originality, or security of the text. Always retain the exact key and alignment convention when exchanging a puzzle, because different programs may advance the key across spaces or normalize characters differently. Under this tool's convention, only ASCII letters advance the key, every nonletter remains byte-for-string visible in its original position, and source letter case is preserved.

Methodology & sources

ASCII letters map to 0-25. Key letters are validated with A-Z/a-z only and normalized uppercase. For each ASCII message letter, encryption computes (letter + keyShift) mod 26 and decryption computes (letter - keyShift + 26) mod 26, then restores the source letter's case. The repeating key index advances only for ASCII letters; all other UTF-16 code units are copied without consuming key. Input above 500,000 UTF-16 code units and keys above 256 letters are rejected in full. Editing any input clears old output. Scope is known-key classic Vigenere only: no solver, autokey, Beaufort, Unicode alphabet, normalization, or security claim.

Frequently asked questions

Do spaces and punctuation advance the key?
No. Only ASCII letters A-Z or a-z consume a key letter. Every other character is copied unchanged and the next ASCII letter uses the next key shift.
Does key capitalization matter?
No. Keys are normalized to uppercase internally, so LEMON, lemon, and Lemon produce the same shifts. The key may not contain spaces, digits, accents, or symbols.
Can this tool find or solve an unknown key?
No. It only encrypts or decrypts with the key you supply. It does not perform frequency analysis, key-length estimation, dictionary search, brute force, or plaintext scoring.
Is Vigenere secure for private information?
No. It is a historical cipher vulnerable to modern analysis. Use it for learning and puzzles, not passwords, secrets, personal data, or any security-sensitive purpose.

Encoding & Crypto guides

View all