Is PGP Tool safe to use?

Yes. PGP Tool runs 100% in your browser — no data is ever sent to a server. All encryption and decryption happens client-side using openpgp.js. The code is open source under MIT license.

Can I use PGP Tool offline?

Yes. PGP Tool is a Progressive Web App (PWA) that works fully offline once installed. Enable air-gap mode to disable all network requests for maximum security.

What encryption algorithms does PGP Tool support?

PGP Tool supports RSA (2048–4096 bit) and ECC (Curve25519, P-384) for PGP key generation, AES-256-GCM for symmetric encryption and secure paste, and PBKDF2 with SHA-256 for key derivation.

How does the password generator work?

The password generator uses the browser's crypto.getRandomValues() API for cryptographically secure randomness. It supports random character passwords (6–128 chars) and EFF-wordlist passphrases (3–10 words). No passwords are stored or transmitted.

How does Secure Paste work without a server?

Secure Paste encodes the paste content directly into the URL fragment (after the # symbol). Optionally, content is encrypted with AES-256-GCM before encoding. The URL IS the paste — no server or database is involved.

How is the project funded?

It is not. There are no ads, no premium tier, no analytics SaaS, no funding round.

Can I host my own copy?

Yes. The site is fully static — no backend. Build the bundle and serve it from any static-file host.

What does the future roadmap look like?

Active priorities include accessibility polish, expanded test coverage, and SEO infrastructure. The toolkit is feature-complete for typical PGP workflows.

About PGP Tool

PGP Tool is an open-source, MIT-licensed, 100% client-side privacy toolkit that runs entirely in your browser.

PGP Tool exists because privacy tools should be inspectable, auditable, and free of vendor lock-in. Every operation runs in your browser; no plaintext ever crosses a server.

The toolkit is built on OpenPGP.js v6 (the de-facto standard JavaScript PGP library), the WebCrypto API for additional primitives (AES-GCM, PBKDF2, SHA-2), hash-wasm for Argon2id, and a modern React + Vite + Tailwind stack for the UI.

Air-gap mode disables every network request with a single click and visibly indicates the locked-down state. The Network Activity chip in the top bar shows in real time how many cross-origin requests have left the page — your independent verification that the trust pitch holds.

Frequently asked questions

How is the project funded?: It is not. There are no ads, no premium tier, no analytics SaaS, no funding round.
Can I host my own copy?: Yes. The site is fully static — no backend. Build the bundle and serve it from any static-file host.
What does the future roadmap look like?: Active priorities include accessibility polish, expanded test coverage, and SEO infrastructure. The toolkit is feature-complete for typical PGP workflows.