X25519 ECDH + ChaCha20-Poly1305 client-side encryption
In production, generate this server-side and keep the private key secret. Only the public key is shared with clients.
Enter form fields to encrypt. Data is encrypted client-side before transmission.
1. Key Exchange: An ephemeral X25519 keypair is generated for each encryption.
2. Shared Secret: ECDH derives a shared secret using the ephemeral private key and server's public key.
3. Encryption: Form data is encrypted with ChaCha20-Poly1305 using the derived key.
4. Payload: The ephemeral public key is included in the header so the server can decrypt.
Each encryption produces a unique output even for the same data, ensuring forward secrecy.