T

Text Machine

Powerful text tools, in your browser

Autokey Cipher

Encode and decode the autokey cipher, the stronger Vigenère variant where a short primer keyword starts the key and your message itself continues it, so the key never repeats. Switch between encode and decode and watch the working build live. Everything runs in your browser.

Primer keyword

Keyword

Enter a short primer keyword such as QUEENLY. It starts the key stream, which then continues with your message itself so the key never repeats. Only letters are used; uppercase and lowercase are treated the same, and any spaces, digits, or punctuation in the keyword are ignored.

Plaintext
Ciphertext

Enter text above to see the autokey result here.

How to use Autokey Cipher

  1. 1

    Choose encode or decode

    Pick Encode to turn plaintext into autokey ciphertext, or Decode to recover the plaintext from ciphertext. The same primer keyword is used for both directions.

  2. 2

    Enter the primer keyword

    Type a short keyword such as QUEENLY. It starts the key stream, which then continues with your message itself. Only letters are used, and case, spaces, and punctuation in the keyword are ignored.

  3. 3

    Type or paste your text

    Enter the message you want to convert. The cipher runs automatically as you type, and the letter-by-letter working updates live below, showing which key letters come from the keyword and which come from the message.

  4. 4

    Read, copy, and share

    Read the result, then copy it, download it as a text file, or share a link that reopens the tool with your exact keyword, direction, and text. Everything stays in your browser.

Understanding the Autokey Cipher

What is the autokey cipher?

The autokey cipher, also called the autoclave cipher, is a polyalphabetic substitution cipher in which the message itself becomes part of the key. A short primer keyword starts the key stream, and once those letters run out the key simply continues with the letters of the plaintext. Because the running key is as long as the message and never repeats, the autokey cipher avoids the regular, cyclic pattern that makes an ordinary repeating-key cipher easy to break.

It was published by the French diplomat Blaise de Vigenère in 1586, drawing on an earlier idea by Giovan Battista Bellaso. There is a well-known irony here: the simple repeating-key cipher that the world now calls the Vigenère cipher was actually Bellaso's, while Vigenère's own, stronger invention was this autokey. By feeding the plaintext back into the key, the autokey cipher removes the periodicity that later cryptanalysts such as Kasiski and Friedman would exploit to crack repeating keys.

How the autokey cipher works

Number the alphabet from A as 0 to Z as 25. Build the key stream by writing the primer keyword first, then continuing with the plaintext letters in order. Line that stream up under the message so one key letter sits beneath every plaintext letter. To encrypt, add each key letter to the letter above it and wrap around the alphabet with a remainder by 26, so the ciphertext letter is C = (P + K) mod 26.

Decryption has to work from left to right. You know the primer keyword, so you can recover the first few letters with P = (C − K) mod 26. Each plaintext letter you recover is then appended to the key stream and used to decrypt the next letter, and so on to the end. As with the Vigenère cipher, only the 26 letters are transformed: spaces, punctuation, and digits pass through untouched and do not consume a key letter, and letter case is preserved.

Worked example

Encrypt the message HELLO with the primer keyword KEY. The key stream is the keyword followed by the plaintext, which gives K, E, Y, H, E for the five letters. Adding each to the message gives H plus K is R, E plus E is I, L plus Y is J, L plus H is S, and O plus E is S. The ciphertext is RIJSS, and notice that the last two key letters, H and E, are simply the first two letters of the message itself.

To decrypt RIJSS you start with the keyword KEY. R minus K is H, I minus E is E, and J minus Y is L, which recovers HEL. Those recovered letters now extend the key, so the next key letter is H and S minus H is L, then the key letter E gives S minus E is O, completing HELLO. Each recovered letter unlocks the next, which is the heart of how an autokey cipher is read.

Autokey versus the repeating-key Vigenère

The ordinary Vigenère cipher repeats its keyword over and over: with the key KEY the stream is KEYKEYKEY and so on. That repetition is its fatal flaw, because the key length can be found by the Kasiski examination or the index of coincidence, after which each column is a simple Caesar shift. The autokey cipher uses the same addition rule but never repeats the key, so those classic tests do not apply.

You can see the difference in the worked example. With the key KEY, a repeating Vigenère would encrypt HELLO as RIJVS, while the autokey produces RIJSS — the two agree only while the keyword lasts and then diverge, because the autokey has moved on to the plaintext. That single change, feeding the message back into the key, was Vigenère's real contribution and made his cipher markedly stronger than the one that now bears his name.

Autokey versus the running-key cipher

The autokey cipher is closely related to the running-key cipher. Both use a key as long as the message so that nothing repeats, but they differ in where that long key comes from. A running-key cipher draws its key from a shared external text, such as an agreed page of a book, while the autokey cipher generates its long key from a short primer plus the plaintext itself.

Each approach has a catch. A running key taken from natural language carries its own statistical structure that can be attacked, but it needs no plaintext feedback. The autokey needs only a tiny shared secret, the primer keyword, but because part of its key is the plaintext, an attacker who guesses a common word can try sliding it through the message as if it were key, which is the main way autokey ciphers are broken.

How to break the autokey cipher

Because the key never repeats, the Kasiski examination and the index of coincidence, the standard tools against repeating-key ciphers, do not work directly on an autokey message. That makes it noticeably tougher than Vigenère, but it is still far from secure. The usual attack exploits the very feature that defines the cipher: most of the key is the plaintext, which is ordinary language.

An analyst guesses a probable word, such as THE or a likely name, and drags it across the ciphertext, subtracting it as if it were key. Where the guess is correct the operation reveals fragments of more plaintext, which can then be extended in both directions. Combined with brute-forcing the short primer keyword, this crib-dragging recovers autokey messages by hand, so the cipher is best seen as a clever historical step forward rather than a safe choice.

Is the autokey cipher secure?

No. Although the autokey cipher is stronger than a plain repeating-key Vigenère, it offers no real protection by modern standards. Its reliance on the plaintext as key opens it to crib-dragging, and its short primer can be brute-forced, so a determined analyst can break it with pencil and paper. It belongs to the history of classical cryptography rather than to any list of secure methods.

Today the autokey cipher is valued for learning and for play. It is an elegant way to see how feeding the message back into the key defeats the periodicity attacks that crack simpler ciphers, and it appears in puzzle hunts, escape rooms, and capture-the-flag challenges. For protecting real information you should rely on modern, well-tested algorithms such as AES instead.

Frequently asked questions

What is the autokey cipher?
The autokey, or autoclave, cipher is a polyalphabetic substitution cipher in which a short primer keyword starts the key and the plaintext itself continues it. Because the key is as long as the message and never repeats, it avoids the cyclic pattern that makes a repeating-key cipher easy to break. It was published by Blaise de Vigenère in 1586.
How does the autokey cipher work?
Number the alphabet A as 0 to Z as 25 and build the key stream from the keyword followed by the plaintext. To encrypt, add each key letter to the message letter modulo 26: C = (P + K) mod 26. To decrypt, subtract: P = (C − K) mod 26, recovering the plaintext from left to right and feeding each recovered letter back into the key. Only letters are changed.
How is the autokey cipher different from the Vigenère cipher?
A Vigenère cipher repeats its keyword across the whole message, while the autokey cipher uses the keyword only to start and then continues with the plaintext. That removes the repetition, so the Kasiski examination and the index of coincidence no longer reveal a key length. The autokey was in fact Vigenère's own, stronger cipher; the repeating one named after him was Bellaso's.
Can you show an autokey cipher example?
Encrypting HELLO with the keyword KEY gives RIJSS. The key stream is K, E, Y, H, E — the keyword followed by the first letters of the message — so H plus K is R, E plus E is I, L plus Y is J, L plus H is S, and O plus E is S. Decrypting RIJSS with KEY recovers HELLO one letter at a time.
What keyword should I use?
Use any short word or letter sequence; QUEENLY is the classic example. Only the letters matter, and uppercase and lowercase are treated the same. A longer, less predictable primer is a little stronger, but the security of the autokey cipher is limited whatever primer you choose, so do not rely on it for real secrets.
How do I decode an autokey cipher?
Switch the tool to Decode, enter the same primer keyword used to encrypt, and paste the ciphertext. The tool subtracts the keyword to recover the first letters, then feeds each recovered letter back into the key to unlock the rest. Without the keyword you would have to attack the cipher by guessing probable words.
What is the difference between autokey and running-key ciphers?
Both use a non-repeating key as long as the message. A running-key cipher takes that key from a shared external text such as a book, while the autokey cipher builds its key from a short primer plus the plaintext itself. The autokey needs only a tiny shared secret, but part of its key being the plaintext is exactly what lets crib-dragging break it.
Does the cipher change spaces, digits, and punctuation?
No. Only the 26 letters are transformed. Spaces, punctuation, and any digits in the message pass through unchanged and do not consume a key letter, so the key stays aligned with the letters. Letter case is preserved, so the output keeps the shape of your original text.
Is the keyword case sensitive?
No. The primer keyword is read as letters only, and uppercase and lowercase letters give the same shift, so KEY and key behave identically. Any spaces, digits, or punctuation typed into the keyword are ignored, leaving just the letters to start the key stream.
How do you break the autokey cipher?
The repeating-key tools do not apply because the key never cycles, so analysts attack the plaintext part of the key instead. They drag a probable word such as THE through the ciphertext, subtracting it as key; correct positions reveal more plaintext that can be extended outward. Brute-forcing the short primer alongside this crib-dragging recovers the message.
Is the autokey cipher secure?
No. It is stronger than a plain repeating-key Vigenère, but crib-dragging and a brute-forced primer let it be broken by hand, so it provides no real security today. Treat it as an educational and puzzle cipher and a notable piece of cryptographic history. For genuine protection use a modern algorithm such as AES.
Is my text uploaded to a server?
No. All encoding and decoding happen entirely in your browser, so your text and keyword are never uploaded, logged, or stored. Even a share link keeps your data in the part of the URL after the hash, which browsers never send to a server, so it stays private until you choose to share it.

Related tools

Keep going with these handy tools

Vigenère Cipher

Beaufort Cipher

Gronsfeld Cipher

Running Key Cipher

Porta Cipher

Trithemius Cipher