Is PGP Tool safe to use?

Yes. PGP Tool runs 100% in your browser — no data is ever sent to a server. All encryption and decryption happens client-side using openpgp.js. The code is open source under MIT license.

Can I use PGP Tool offline?

Yes. PGP Tool is a Progressive Web App (PWA) that works fully offline once installed. Enable air-gap mode to disable all network requests for maximum security.

What encryption algorithms does PGP Tool support?

PGP Tool supports RSA (2048–4096 bit) and ECC (Curve25519, P-384) for PGP key generation, AES-256-GCM for symmetric encryption and secure paste, and PBKDF2 with SHA-256 for key derivation.

How does the password generator work?

The password generator uses the browser's crypto.getRandomValues() API for cryptographically secure randomness. It supports random character passwords (6–128 chars) and EFF-wordlist passphrases (3–10 words). No passwords are stored or transmitted.

How does Secure Paste work without a server?

Secure Paste encodes the paste content directly into the URL fragment (after the # symbol). Optionally, content is encrypted with AES-256-GCM before encoding. The URL IS the paste — no server or database is involved.

What is a PGP public key?

A PGP public key is a block of armored ASCII text (starts with "-----BEGIN PGP PUBLIC KEY BLOCK-----") that you can share freely. Anyone can use it to encrypt a message that only the owner of the matching private key can decrypt.

Can I encrypt to multiple recipients?

Yes — paste several public keys separated by blank lines. The same ciphertext will be decryptable by anyone holding any of the corresponding private keys.

Does PGP Tool send my message anywhere?

No. The page never makes a network request during encryption. Everything runs client-side in your browser via OpenPGP.js. You can verify this by enabling air-gap mode, which blocks every outbound request.

What is the difference between encrypt and sign?

Encrypt protects content so only the recipient can read it. Sign cryptographically proves you authored the content but does not hide it. You can do both together — sign-then-encrypt — to get authenticity and confidentiality at the same time.

How big can my message be?

There is no hard limit, but very large texts will be slow to render. For binary files of any size, use File Encrypt or Batch Encrypt instead.

Encrypt messages with PGP in your browser

Encrypt any text to a recipient using their OpenPGP public key. Runs entirely client-side — no server, no plaintext leaves your device.

PGP message encryption uses the recipient's public key to encrypt content that only they can decrypt with their matching private key. Paste their public key (the .asc block starting with -----BEGIN PGP PUBLIC KEY BLOCK-----) into the key field, type or paste your message, and click Encrypt. The output is a self-contained PGP message you can send over any channel — email, chat, paste service, anywhere — without worrying about the medium.

Encryption is asymmetric: only the holder of the corresponding private key can read the result. Even if an attacker intercepts the ciphertext, they cannot decrypt it without the recipient's private key. This is the same encryption model as GnuPG, ProtonMail, and any standard OpenPGP client.

If you don't yet have the recipient's public key, the Key Inspector tool can fetch it from a public keyserver by email address (when air-gap mode is off). For passphrase-only encryption without a keypair, use Symmetric Encrypt instead. For files, use File Encrypt.

Frequently asked questions

What is a PGP public key?: A PGP public key is a block of armored ASCII text (starts with "-----BEGIN PGP PUBLIC KEY BLOCK-----") that you can share freely. Anyone can use it to encrypt a message that only the owner of the matching private key can decrypt.
Can I encrypt to multiple recipients?: Yes — paste several public keys separated by blank lines. The same ciphertext will be decryptable by anyone holding any of the corresponding private keys.
Does PGP Tool send my message anywhere?: No. The page never makes a network request during encryption. Everything runs client-side in your browser via OpenPGP.js. You can verify this by enabling air-gap mode, which blocks every outbound request.
What is the difference between encrypt and sign?: Encrypt protects content so only the recipient can read it. Sign cryptographically proves you authored the content but does not hide it. You can do both together — sign-then-encrypt — to get authenticity and confidentiality at the same time.
How big can my message be?: There is no hard limit, but very large texts will be slow to render. For binary files of any size, use File Encrypt or Batch Encrypt instead.