Is PGP Tool safe to use?

Yes. PGP Tool runs 100% in your browser — no data is ever sent to a server. All encryption and decryption happens client-side using openpgp.js. The code is open source under MIT license.

Can I use PGP Tool offline?

Yes. PGP Tool is a Progressive Web App (PWA) that works fully offline once installed. Enable air-gap mode to disable all network requests for maximum security.

What encryption algorithms does PGP Tool support?

PGP Tool supports RSA (2048–4096 bit) and ECC (Curve25519, P-384) for PGP key generation, AES-256-GCM for symmetric encryption and secure paste, and PBKDF2 with SHA-256 for key derivation.

How does the password generator work?

The password generator uses the browser's crypto.getRandomValues() API for cryptographically secure randomness. It supports random character passwords (6–128 chars) and EFF-wordlist passphrases (3–10 words). No passwords are stored or transmitted.

How does Secure Paste work without a server?

Secure Paste encodes the paste content directly into the URL fragment (after the # symbol). Optionally, content is encrypted with AES-256-GCM before encoding. The URL IS the paste — no server or database is involved.

What algorithm should I choose?

For new keys in 2026, ECC Curve25519 is the recommended default — small, fast, and modern. RSA-3072 or RSA-4096 remain widely compatible with older PGP tooling. Avoid RSA-2048 for long-term use.

Is my private key sent to any server?

No. Key generation runs entirely in your browser via OpenPGP.js. The private key is created locally and never leaves your device unless you download it or copy it yourself.

Why does my browser freeze briefly during RSA-4096 keygen?

It used to. Heavy crypto now runs in a dedicated Web Worker, so the UI stays responsive while the key is generated. Expect a few seconds for RSA-4096 even on fast machines — that is the algorithm, not the browser.

Should I set a passphrase?

Yes for any key you store on disk or share between devices. The passphrase encrypts the private key file so it is useless to anyone who steals the file without the passphrase.

What does the expiry date do?

The expiry date is signed into the key. PGP clients refuse to encrypt to or trust signatures from expired keys. Set 0 for a non-expiring key, or 1–10 years for a renewable working key. Shorter lifetimes are safer.

Generate a PGP key pair in your browser

Create RSA or ECC OpenPGP key pairs with strong defaults, optional passphrase protection, and a configurable expiry. Everything happens locally — your private key is never transmitted.

Generate a new OpenPGP keypair without installing any software. The tool wraps OpenPGP.js v6 to create RSA-2048 / 3072 / 4096 or ECC keys (Curve25519 or NIST P-384) directly in the browser using the WebCrypto API for entropy. RSA-4096 keygen runs in a Web Worker so the page stays responsive while the key is generated.

Pick a name (any alias works — pseudonyms are fine), an optional email, and a passphrase. The strength meter warns about weak passphrases before you click Generate. Once finished, you can download the public key, the private key, or a zip with both, and paste them straight into Encrypt or Sign.

This page also doubles as a passphrase changer — paste an existing private key, enter the old passphrase, and re-encrypt with a new one without altering the underlying key material.

Frequently asked questions

What algorithm should I choose?: For new keys in 2026, ECC Curve25519 is the recommended default — small, fast, and modern. RSA-3072 or RSA-4096 remain widely compatible with older PGP tooling. Avoid RSA-2048 for long-term use.
Is my private key sent to any server?: No. Key generation runs entirely in your browser via OpenPGP.js. The private key is created locally and never leaves your device unless you download it or copy it yourself.
Why does my browser freeze briefly during RSA-4096 keygen?: It used to. Heavy crypto now runs in a dedicated Web Worker, so the UI stays responsive while the key is generated. Expect a few seconds for RSA-4096 even on fast machines — that is the algorithm, not the browser.
Should I set a passphrase?: Yes for any key you store on disk or share between devices. The passphrase encrypts the private key file so it is useless to anyone who steals the file without the passphrase.
What does the expiry date do?: The expiry date is signed into the key. PGP clients refuse to encrypt to or trust signatures from expired keys. Set 0 for a non-expiring key, or 1–10 years for a renewable working key. Shorter lifetimes are safer.