What is a Fernet key and how is it formatted?

A Fernet key is 32 bytes, base64url (URL-safe) encoded. It contains a 128-bit signing key and a 128-bit encryption key.

Does this tool store my messages or keys?

No. Encryption and decryption happen in your browser. The page does not store or upload your messages or keys.

Which algorithms does Fernet use?

Fernet uses AES-128 in CBC mode for encryption and HMAC-SHA256 for authentication.

How do I decrypt a Fernet token?

Select Decrypt, paste the Fernet token into the message field, and submit with the correct base64url-encoded key to recover the original plaintext.

Fernet Encryption/Decryption Online – Free | 8gwifi.org

Fernet Encryption/Decryption

Generate a Fernet key, encrypt text into a Fernet token, or decrypt a token back to plaintext.

Encrypt / Decrypt

Support This Free Tool

Every coffee helps keep the servers running. Every book sale funds the next tool I'm dreaming up. You're not just supporting a site — you're helping me build what developers actually need.

500K+ users

200+ tools

100% private

☕ One-time support Buy me a coffee 📚 Learn & support 9-Book Bundle - $9 Stay updated Follow @anish2good

Privacy Guarantee: Private keys you enter or generate are never stored on our servers. All tools are served over HTTPS.

Fernet

Fernet guarantees that a message encrypted using it cannot be manipulated or read without the key. All encryption in this version is done with AES 128 in CBC mode.

Key format

A fernet key is the base64url encoding of the following fields:

Signing-key || Encryption-key

Signing-key, 128 bits
Encryption-key, 128 bits

Token format

A fernet token is the base64url encoding of the concatenation of the following fields:

Version || Timestamp || IV || Ciphertext || HMAC

Version, 8 bits : with the value 128 (0x80)
Timestamp, 64 bits : It records the number of seconds elapsed between January 1, 1970 UTC and the time the token was created
IV, 128 bits
Ciphertext, variable length, multiple of 128 bits
HMAC, 256 bits : This field is the 256-bit SHA256 HMAC Version || Timestamp || IV || Ciphertext

Examples

fernet python example

>>> from cryptography.fernet import Fernet
>>> key = Fernet.generate_key()
>>> key
'Qk_GF82vx2qPBiF91n238Mp5HeAlgYpC90NB9PGEB_0='
>>> f = Fernet(key)
>>> token = f.encrypt(b"Hello 8gwifi.org")
>>> token
'gAAAAABf1ecawfmsxp0S80m5LxV4md9Vf4lO7N-P9jQ08de_oLb5382Aqf7aGEof23E6N0WYPyhJkvhT1dDJJU4tdAFAhqnK-uiOoSu1T5P6XZLPcU90Rn0='
>>> f.decrypt(token)
'Hello 8gwifi.org'
>>>

Using password with Fernet

>>> import base64
>>> import os
>>> from cryptography.fernet import Fernet
>>> from cryptography.hazmat.primitives import hashes
>>> from cryptography.hazmat.backends import default_backend
>>> from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
>>> password = b"password"
>>> salt = os.urandom(16)
>>> kdf = PBKDF2HMAC(
... algorithm=hashes.SHA256(),
... length=32,
... salt=salt,
... iterations=100000,
... backend=default_backend()
... )
>>> key = base64.urlsafe_b64encode(kdf.derive(password))
>>> key
'XuRrdEYerPl07JKzRuVhkcx7zuUTtaS0L12-Bs89gbY='
>>> f = Fernet(key)
>>> token = f.encrypt(b"Hello 8gwifi.org")
>>> token
'gAAAAABf1ekGtfc1S8_LgphBOmTs5YHt14vCEv2Q7XUoRHxHmsQeCSDE6bfQgyv7dk4YZQGvB5VRwCAO5CT6gm_r8PtYFdIaEjsBNAFovx7L_W2SrguCYdY='
>>> f.decrypt(token)
'Hello 8gwifi.org'

Limitation

Fernet is ideal for encrypting data that easily fits in memory. As a design feature it does not expose unauthenticated bytes. This means that the complete message contents must be available in memory, making Fernet generally unsuitable for very large files at this time

Fernet Encryption/Decryption

Encrypt / Decrypt

Support This Free Tool

Fernet

Key format

Token format

Examples

Limitation

Quick Access

PGP Tools

Sharing Services

Security Tools

Cryptography

Network Tools

Legal & Compliance

DevOps/Container

Blockchain

Encoders/Converters

Developer Tools

Machine Learning Visualizers

Media Tools

Documents & PDF

Finance

Health

Lifestyle & Productivity

Chemistry

Math & Education

Physics Tools

Internationalization