Is PGP Tool safe to use?

Yes. PGP Tool runs 100% in your browser — no data is ever sent to a server. All encryption and decryption happens client-side using openpgp.js. The code is open source under MIT license.

Can I use PGP Tool offline?

Yes. PGP Tool is a Progressive Web App (PWA) that works fully offline once installed. Enable air-gap mode to disable all network requests for maximum security.

What encryption algorithms does PGP Tool support?

PGP Tool supports RSA (2048–4096 bit) and ECC (Curve25519, P-384) for PGP key generation, AES-256-GCM for symmetric encryption and secure paste, and PBKDF2 with SHA-256 for key derivation.

How does the password generator work?

The password generator uses the browser's crypto.getRandomValues() API for cryptographically secure randomness. It supports random character passwords (6–128 chars) and EFF-wordlist passphrases (3–10 words). No passwords are stored or transmitted.

How does Secure Paste work without a server?

Secure Paste encodes the paste content directly into the URL fragment (after the # symbol). Optionally, content is encrypted with AES-256-GCM before encoding. The URL IS the paste — no server or database is involved.

What if I forgot my passphrase?

There is no recovery. PGP private keys are intentionally only decryptable by the passphrase holder — that is the whole point. If the key file has no backup with a known passphrase, the encrypted content is unrecoverable.

Why does decryption fail with "Session key decryption failed"?

Either the wrong private key is used (the message was encrypted to a different recipient), or the passphrase is incorrect. Confirm the recipient fingerprint in the message header matches your key.

Can I decrypt without a passphrase?

Only if the private key was generated or re-encrypted without one. To remove a passphrase, paste the key into Generate Keys → Change Passphrase mode and leave the new passphrase blank.

Is the decrypted content saved anywhere?

No. It lives in the browser tab until you close it. Copying the result starts a 30-second clipboard-clear countdown when the "sensitive" toggle is on.

Can I open share links from chat or email?

Yes. Links of the form pgptool.dev/decrypt#decrypt:BASE64 auto-load the ciphertext into the input field. The recipient still needs their private key to actually read it.

Decrypt PGP messages in your browser

Decrypt OpenPGP-encrypted messages with your private key, optionally protected by a passphrase or a WebAuthn passkey. Runs entirely client-side — your private key never leaves your device.

PGP decryption reverses the encryption process: paste the ciphertext (the block starting with -----BEGIN PGP MESSAGE-----), supply your private key and its passphrase, and the original plaintext appears in the output panel. The tool runs OpenPGP.js v6 entirely in your browser — there is no server-side decryption, and your private key is never transmitted.

Decrypt also accepts share-link URLs of the form pgptool.dev/decrypt#decrypt:BASE64. When you open one, the ciphertext is auto-loaded into the input field; you only need to paste your private key to read the message.

If your private key is protected by a WebAuthn passkey instead of a passphrase, the tool can unlock it via your authenticator (TouchID, security key, etc.) — no passphrase typing required. Decrypted output can be downloaded as plaintext or copied with a 30-second auto-clear from your clipboard for sensitive messages.

Frequently asked questions

What if I forgot my passphrase?: There is no recovery. PGP private keys are intentionally only decryptable by the passphrase holder — that is the whole point. If the key file has no backup with a known passphrase, the encrypted content is unrecoverable.
Why does decryption fail with "Session key decryption failed"?: Either the wrong private key is used (the message was encrypted to a different recipient), or the passphrase is incorrect. Confirm the recipient fingerprint in the message header matches your key.
Can I decrypt without a passphrase?: Only if the private key was generated or re-encrypted without one. To remove a passphrase, paste the key into Generate Keys → Change Passphrase mode and leave the new passphrase blank.
Is the decrypted content saved anywhere?: No. It lives in the browser tab until you close it. Copying the result starts a 30-second clipboard-clear countdown when the "sensitive" toggle is on.
Can I open share links from chat or email?: Yes. Links of the form pgptool.dev/decrypt#decrypt:BASE64 auto-load the ciphertext into the input field. The recipient still needs their private key to actually read it.