This tool uses a modern, secure process called Password-Based Key Derivation and AES-GCM Encryption. Here's what happens:

1. Plaintext: This is your original, readable message.

2. Passphrase: This is the password you choose. It's the "master key" that you must remember and share securely.

3. Salt: To make your password even more secure, we generate a random piece of data called a salt. This salt is mixed with your password, ensuring that even if two people use the same password, their final encryption keys will be completely different. The salt isn't secret; it's bundled with your encrypted message.

4. Key Derivation (PBKDF2): Your password and the salt are fed into a special algorithm (PBKDF2) that runs thousands of times. This process is slow on purpose, making it very difficult for attackers to guess your password. The output is a strong, 256-bit encryption key that is never seen by you.

5. IV (Initialization Vector): Another piece of random data is generated. The IV ensures that if you encrypt the exact same message twice with the same password, the final output will look different each time, hiding patterns.

6. Ciphertext: The derived key and the IV are used with the AES-GCM algorithm to scramble your plaintext into an unreadable format. This is the final encrypted message. The salt, IV, and ciphertext are all bundled together for you to share.