How does an XOR cipher work?

Each byte of the message is combined with a byte of the key using the bitwise exclusive-OR operation. Because XOR flips bits, applying the same key twice returns the original value, so the same operation both encrypts and decrypts.

Why is the output shown in hexadecimal?

XOR can produce byte values that are control characters or invalid text, which would not survive copy-paste. Encoding the ciphertext as hex makes every result safely printable and copyable; the decrypt step reads the hex back into bytes before XORing.

What is a repeating-key XOR?

If the key is shorter than the message, it is repeated cyclically so every message byte has a key byte to XOR with. This is the same idea as a Vigenere cipher but at the bit level, and it is only secure if the key is as long as the message and never reused.

Is the XOR cipher secure?

A repeating short key is weak — it can be broken with frequency analysis and the Kasiski or index-of-coincidence methods. Only a truly random key as long as the message and used once (a one-time pad) gives the XOR cipher provable secrecy.

Does XOR handle Unicode and emoji?

Yes. This tool encodes both the text and the key as UTF-8 bytes before XORing, so multi-byte characters such as accents and emoji are processed correctly and round-trip back to the original on decryption.

XOR Cipher — Gera Tools

The XOR cipher is the simplest symmetric cipher and the basic building block behind much of modern cryptography, including stream ciphers and the one-time pad. It combines each byte of your message with a byte of a key using the bitwise exclusive-OR operation. XOR is self-inverse: applying the same key a second time restores the original data, so a single operation both encrypts and decrypts.

How it works

Both the message and the key are first converted to bytes (this tool uses UTF-8, so accents and emoji work). The key is then repeated to match the message length, and each message byte is XORed with the corresponding key byte:

cipher[i] = message[i] XOR key[i mod keyLength]

XOR works bit by bit: 0 XOR 0 = 0, 1 XOR 1 = 0, 0 XOR 1 = 1. Because x XOR k XOR k = x, decryption is exactly the same operation. The ciphertext bytes are shown as hexadecimal so the result is always printable and copyable; decryption parses the hex back into bytes before XORing with the key.

Worked example

XOR the character A (byte 0x41, binary 0100 0001) with key byte K (0x4B, 0100 1011). Bit by bit the result is 0000 1010 = 0x0A. XOR 0x0A with 0x4B again and you get back 0x41 = A. With a multi-character key the pattern simply repeats across the whole message, and the same key string decrypts it.

Notes and tips

A short, reused key is not secure: repeating-key XOR falls to classical attacks such as Kasiski examination and the index of coincidence. To get the famous unbreakable property you need a key that is random, as long as the message, and never reused — that is the one-time pad. Keep the key identical on both ends and remember that encrypt and decrypt are the same XOR. Everything is computed locally in your browser; nothing leaves your machine.