Is PGP Tool safe to use?

Yes. PGP Tool runs 100% in your browser — no data is ever sent to a server. All encryption and decryption happens client-side using openpgp.js. The code is open source under MIT license.

Can I use PGP Tool offline?

Yes. PGP Tool is a Progressive Web App (PWA) that works fully offline once installed. Enable air-gap mode to disable all network requests for maximum security.

What encryption algorithms does PGP Tool support?

PGP Tool supports RSA (2048–4096 bit) and ECC (Curve25519, P-384) for PGP key generation, AES-256-GCM for symmetric encryption and secure paste, and PBKDF2 with SHA-256 for key derivation.

How does the password generator work?

The password generator uses the browser's crypto.getRandomValues() API for cryptographically secure randomness. It supports random character passwords (6–128 chars) and EFF-wordlist passphrases (3–10 words). No passwords are stored or transmitted.

How does Secure Paste work without a server?

Secure Paste encodes the paste content directly into the URL fragment (after the # symbol). Optionally, content is encrypted with AES-256-GCM before encoding. The URL IS the paste — no server or database is involved.

What is the output format?

JSON with the same shape as input, but selected leaf values replaced by armored PGP message strings. Anyone can parse the JSON; only key-holders can read the encrypted values.

Can I encrypt nested objects, not just leaves?

Yes — point to a nested path and the entire subtree is JSON-stringified before encryption. The decrypted result is parsed back into the original shape.

Does encryption preserve types?

Strings stay strings (after decrypt); numbers, booleans, arrays, objects all round-trip correctly because they are JSON-stringified before encryption.

Why not just encrypt the whole payload?

Whole-payload encryption requires every consumer to hold the private key. Field-level encryption lets routers, validators, or auditors process the structure while only authorized consumers see sensitive values.

How do I encrypt different fields to different recipients?

Run the tool multiple times — each pass with a different public key and a different field selection. The result is a JSON document with mixed ciphertexts each readable by a different key holder.

Encrypt individual JSON fields with PGP

Selectively PGP-encrypt one or more fields inside a JSON document. The structure stays intact; only the chosen values become ciphertext.

JSON Encryptor is for partial-disclosure workflows: API payloads where some fields are sensitive (PII, credentials, medical data) but the rest needs to stay plain so downstream systems can parse the structure. Pick the fields to encrypt, paste a public key, and the tool returns the same JSON shape with selected values replaced by armored PGP ciphertext.

Decrypt mode reverses this: paste the JSON-with-ciphertext-fields plus a private key, and the tool returns the same structure with selected fields decrypted in place. Field selectors use simple dot-paths (e.g. user.email or items.0.token).

Useful for HIPAA-adjacent data flows, multi-recipient API design where each recipient sees only some fields (encrypt different fields to different keys), or audit logs where you want sensitive bits redacted but the surrounding shape readable.

Frequently asked questions

What is the output format?: JSON with the same shape as input, but selected leaf values replaced by armored PGP message strings. Anyone can parse the JSON; only key-holders can read the encrypted values.
Can I encrypt nested objects, not just leaves?: Yes — point to a nested path and the entire subtree is JSON-stringified before encryption. The decrypted result is parsed back into the original shape.
Does encryption preserve types?: Strings stay strings (after decrypt); numbers, booleans, arrays, objects all round-trip correctly because they are JSON-stringified before encryption.
Why not just encrypt the whole payload?: Whole-payload encryption requires every consumer to hold the private key. Field-level encryption lets routers, validators, or auditors process the structure while only authorized consumers see sensitive values.
How do I encrypt different fields to different recipients?: Run the tool multiple times — each pass with a different public key and a different field selection. The result is a JSON document with mixed ciphertexts each readable by a different key holder.