Is PGP Tool safe to use?

Yes. PGP Tool runs 100% in your browser — no data is ever sent to a server. All encryption and decryption happens client-side using openpgp.js. The code is open source under MIT license.

Can I use PGP Tool offline?

Yes. PGP Tool is a Progressive Web App (PWA) that works fully offline once installed. Enable air-gap mode to disable all network requests for maximum security.

What encryption algorithms does PGP Tool support?

PGP Tool supports RSA (2048–4096 bit) and ECC (Curve25519, P-384) for PGP key generation, AES-256-GCM for symmetric encryption and secure paste, and PBKDF2 with SHA-256 for key derivation.

How does the password generator work?

The password generator uses the browser's crypto.getRandomValues() API for cryptographically secure randomness. It supports random character passwords (6–128 chars) and EFF-wordlist passphrases (3–10 words). No passwords are stored or transmitted.

How does Secure Paste work without a server?

Secure Paste encodes the paste content directly into the URL fragment (after the # symbol). Optionally, content is encrypted with AES-256-GCM before encoding. The URL IS the paste — no server or database is involved.

What is a fingerprint and why does it matter?

A fingerprint is a SHA-1 (v4) or SHA-256 (v6) hash of the public key. It is the only safe way to identify a key — public-key text can be edited; the fingerprint cannot. Compare fingerprints out-of-band before trusting a key.

Why does my key say "unsafe" or "weak"?

RSA below 3072 bits and certain DSA configurations are flagged. They will work technically but offer limited resistance to well-funded attackers and are deprecated by NIST/IETF for long-term use.

Does Inspector send my key anywhere?

Parsing is local. Keyserver lookup, when explicitly requested, sends only the email address (not the key) to keys.openpgp.org over HTTPS. Air-gap mode disables that lookup.

A small ASCII pattern derived from the fingerprint. Humans recognize visual changes much faster than they spot a flipped hex digit, so randomart helps catch substitution attacks during fingerprint verification.

Can Inspector read private keys?

Yes — it shows the same metadata for private keys as for public keys, plus a flag indicating whether the private material is passphrase-encrypted. The private material itself is never displayed.

Inspect any OpenPGP key

Read the fingerprint, algorithm, key size, expiry, subkeys, and user IDs of any PGP public or private key. Optional keyserver lookup by email address.

Key Inspector parses any armored OpenPGP key block and surfaces every field that matters for security review: full and short fingerprints, algorithm (RSA, ECC, DSA), key size or curve name, creation date, expiry, user IDs, and the subkey hierarchy with the same details for each subkey.

It also flags keys that look unsafe — short RSA keys, expired primary keys, missing encryption capability — and visualizes the fingerprint as a randomart pattern (the same SSH-style ASCII art GnuPG uses) so two people can compare keys verbally without misreading hex digits.

When air-gap mode is off, Inspector can also fetch a public key from keys.openpgp.org by email address — useful when a correspondent has not sent you their key directly.

Frequently asked questions

What is a fingerprint and why does it matter?: A fingerprint is a SHA-1 (v4) or SHA-256 (v6) hash of the public key. It is the only safe way to identify a key — public-key text can be edited; the fingerprint cannot. Compare fingerprints out-of-band before trusting a key.
Why does my key say "unsafe" or "weak"?: RSA below 3072 bits and certain DSA configurations are flagged. They will work technically but offer limited resistance to well-funded attackers and are deprecated by NIST/IETF for long-term use.
Does Inspector send my key anywhere?: Parsing is local. Keyserver lookup, when explicitly requested, sends only the email address (not the key) to keys.openpgp.org over HTTPS. Air-gap mode disables that lookup.
What is randomart?: A small ASCII pattern derived from the fingerprint. Humans recognize visual changes much faster than they spot a flipped hex digit, so randomart helps catch substitution attacks during fingerprint verification.
Can Inspector read private keys?: Yes — it shows the same metadata for private keys as for public keys, plus a flag indicating whether the private material is passphrase-encrypted. The private material itself is never displayed.