Extended Vigenère (Full ASCII)

Vigenère over 95 printable ASCII chars instead of just 26 letters

Applies the Vigenère cipher over the full 95 printable ASCII characters (codes 32 to 126) rather than only the 26 letters, so spaces, digits, and punctuation are all enciphered. Runs entirely in your browser. It runs free in your browser on Gera Tools, with nothing uploaded.

Last updated Source: Gera Tools

How is this different from a classic Vigenère cipher?

Classic Vigenère uses a 26-letter alphabet and ignores spaces and punctuation. This extended version uses all 95 printable ASCII characters (codes 32 to 126), so spaces, digits, and symbols are enciphered too and the keystream advances on every character.

The extended Vigenère cipher widens the classic polyalphabetic cipher from the 26-letter alphabet to the full set of 95 printable ASCII characters. Because spaces, digits, and punctuation become part of the alphabet, every visible character in your message is enciphered and the keystream advances on each one.

Classic vs extended Vigenère: what changes

The traditional Vigenère cipher operates only over the 26 Latin letters, ignoring all other characters. This creates two practical problems for modern text:

  1. Spaces and punctuation pass through unchanged. An attacker can see word boundaries, sentence structure, and punctuation patterns in the ciphertext — leaking structural information about the plaintext even before any cryptanalysis.
  2. Digits and symbols are unenciphered. A message like call at 3pm leaves 3pm in the clear, which can be significant.

The extended version solves both problems by treating all 95 printable ASCII characters (codes 32 through 126: space, punctuation, digits, uppercase, lowercase) as a single 95-character alphabet. The key shift is applied modulo 95 instead of modulo 26, and every character in the message is enciphered — including spaces, commas, and digits.

How it works

Each printable character is treated as a number from 0 to 94 by subtracting the ASCII code of space (32). The repeating key is converted the same way, and the two are combined modulo 95:

P = charCode(plain) - 32      (0..94)
K = charCode(keyChar) - 32    (0..94)
encode: C = (P + K) mod 95
decode: P = (C - K + 95) mod 95
output char = String.fromCharCode(result + 32)

The key index only advances for printable characters, so any non-printable character (newline, tab, or accented letter outside the ASCII range) is emitted untouched and does not consume key material.

Worked example

With the key Key123, the plaintext Hello, World! enciphers character by character:

  • H (code 72, offset 40) + K (code 75, offset 43) = 83 mod 95 = 83 → code 115 → s
  • e (code 101, offset 69) + e (code 101, offset 69) = 138 mod 95 = 43 → code 75 → K
  • And so on through the message, including the comma and space.

Decoding the resulting ciphertext with the same key Key123 returns Hello, World! exactly. The space in the original message does not appear as a space in the ciphertext — it is shifted to a different printable character, hiding word boundaries.

Key selection guidance

The security of any Vigenère cipher depends heavily on key length relative to message length:

  • Single-character key: Equivalent to a Caesar cipher over 95 characters. Trivial to break by frequency analysis — a brute-force search of only 95 possible shifts takes milliseconds.
  • Short key (under 8 characters): Vulnerable to the Kasiski test and index-of-coincidence analysis. The key period can be determined and then each alphabet position attacked separately.
  • Key as long as the message (one-time pad semantics): If the key is truly random and used only once, the cipher is information-theoretically secure. In practice, most users do not use truly random keys, making this hard to achieve.

For puzzle and educational use, any memorable key works fine. For anything requiring genuine secrecy, use modern authenticated encryption (AES-GCM, ChaCha20-Poly1305) instead — the Vigenère cipher, even in this extended form, is not considered secure for protecting real sensitive information.

Notes

This tool runs entirely in your browser. Nothing is uploaded. Both encryption and decryption use the same key — share the key through a separate secure channel if you need the recipient to decode.