Is PGP Tool safe to use?

Yes. PGP Tool runs 100% in your browser — no data is ever sent to a server. All encryption and decryption happens client-side using openpgp.js. The code is open source under MIT license.

Can I use PGP Tool offline?

Yes. PGP Tool is a Progressive Web App (PWA) that works fully offline once installed. Enable air-gap mode to disable all network requests for maximum security.

What encryption algorithms does PGP Tool support?

PGP Tool supports RSA (2048–4096 bit) and ECC (Curve25519, P-384) for PGP key generation, AES-256-GCM for symmetric encryption and secure paste, and PBKDF2 with SHA-256 for key derivation.

How does the password generator work?

The password generator uses the browser's crypto.getRandomValues() API for cryptographically secure randomness. It supports random character passwords (6–128 chars) and EFF-wordlist passphrases (3–10 words). No passwords are stored or transmitted.

How does Secure Paste work without a server?

Secure Paste encodes the paste content directly into the URL fragment (after the # symbol). Optionally, content is encrypted with AES-256-GCM before encoding. The URL IS the paste — no server or database is involved.

Are the files encrypted to one key or many?

One key — every file in the batch is encrypted to the same recipient. To send different files to different recipients, run the tool multiple times.

Does the zip get encrypted?

No — the .pgp files inside are encrypted, but the zip itself is plain (not password-protected). Anyone with the zip sees which files are inside; only the key-holder can read their contents.

How many files can I batch?

Bounded by browser memory. Practically: a few dozen large files, hundreds of small ones. The progress indicator shows where you are.

Does it preserve filenames?

Yes — each .pgp file in the zip uses the original filename plus the .pgp extension (so doc.pdf becomes doc.pdf.pgp).

Can the recipient bulk-decrypt?

GnuPG can decrypt a batch via a shell loop (gpg --decrypt for each file). PGP Tool currently decrypts one at a time via File Encrypt.

Batch-encrypt multiple files with PGP

Drop a folder of files, encrypt each one to the same public key, and download a single zip. Each file remains independently decryptable — no archive bundling.

Batch Encrypt is the multi-file companion to File Encrypt. Drop several files (or a folder), paste a recipient's public key, and the tool produces a zip containing one encrypted .pgp per input file. The zip is convenient packaging only — each .pgp inside is a standalone OpenPGP message.

Each file is encrypted independently in a Web Worker, so the UI stays responsive. The recipient can extract the zip and decrypt files individually as needed, without having to decrypt the whole batch at once.

Useful for sending evidence packages, source code dumps, multi-document submissions, or any workflow that produces several sensitive files at once. For a single file, use File Encrypt instead — less ceremony, same result.

Frequently asked questions

Are the files encrypted to one key or many?: One key — every file in the batch is encrypted to the same recipient. To send different files to different recipients, run the tool multiple times.
Does the zip get encrypted?: No — the .pgp files inside are encrypted, but the zip itself is plain (not password-protected). Anyone with the zip sees which files are inside; only the key-holder can read their contents.
How many files can I batch?: Bounded by browser memory. Practically: a few dozen large files, hundreds of small ones. The progress indicator shows where you are.
Does it preserve filenames?: Yes — each .pgp file in the zip uses the original filename plus the .pgp extension (so doc.pdf becomes doc.pdf.pgp).
Can the recipient bulk-decrypt?: GnuPG can decrypt a batch via a shell loop (gpg --decrypt for each file). PGP Tool currently decrypts one at a time via File Encrypt.