Is PGP Tool safe to use?

Yes. PGP Tool runs 100% in your browser — no data is ever sent to a server. All encryption and decryption happens client-side using openpgp.js. The code is open source under MIT license.

Can I use PGP Tool offline?

Yes. PGP Tool is a Progressive Web App (PWA) that works fully offline once installed. Enable air-gap mode to disable all network requests for maximum security.

What encryption algorithms does PGP Tool support?

PGP Tool supports RSA (2048–4096 bit) and ECC (Curve25519, P-384) for PGP key generation, AES-256-GCM for symmetric encryption and secure paste, and PBKDF2 with SHA-256 for key derivation.

How does the password generator work?

The password generator uses the browser's crypto.getRandomValues() API for cryptographically secure randomness. It supports random character passwords (6–128 chars) and EFF-wordlist passphrases (3–10 words). No passwords are stored or transmitted.

How does Secure Paste work without a server?

Secure Paste encodes the paste content directly into the URL fragment (after the # symbol). Optionally, content is encrypted with AES-256-GCM before encoding. The URL IS the paste — no server or database is involved.

How is this different from just copying the key file?

A copy means each holder has the full key — any one of them can reconstruct alone. With Shamir splitting, no individual holder has anything useful: K of them must collude to recover the secret. This raises the bar for compromise and adds redundancy at once.

Can I change the threshold later?

No. The threshold is baked into the shares at split time. To change K, reconstruct the secret, destroy the old shares, and re-split with the new threshold.

What if I lose more than N-K shares?

The key is unrecoverable. That is the trade-off: distributing shares makes the key resilient against partial loss, but losing too many is permanent.

Is this OpenPGP standard?

No. Shamir's Secret Sharing is a separate cryptographic scheme; the shares are not OpenPGP packets. They are PGP Tool's own format. Reconstruct using PGP Tool (or any compatible Shamir implementation) before importing into GnuPG.

Does the tool support 1-of-N (anyone can recover)?

Yes — a 1-of-N split is just the original key copied into N independent shares. Useful for redundancy with no collusion requirement.

Split a private key with Shamir's Secret Sharing

Break a PGP private key into N shares with a K-of-N reconstruction threshold. Distribute shares to trusted parties; any K can reconstruct the key, fewer cannot.

Shamir's Secret Sharing lets you split a secret into multiple shares with a threshold: any K of N shares reconstruct the original, but K-1 reveal nothing. Common configurations are 2-of-3 (you, your partner, your lawyer) or 3-of-5 (board of directors).

The Split Key tool takes your armored PGP private key, splits it into the configured number of shares, and gives you each share as a downloadable text block. Share them with trusted parties via separate channels. To reconstruct, paste any K shares back into the tool and recover the original key.

Splitting works best for keys you do not need daily. Use it for backup of high-value keys (cold-storage signing keys, organizational root keys, recovery keys), not for keys you encrypt to every day. Once split, the shares replace the original — destroy the unsplit key file securely.

Frequently asked questions

How is this different from just copying the key file?: A copy means each holder has the full key — any one of them can reconstruct alone. With Shamir splitting, no individual holder has anything useful: K of them must collude to recover the secret. This raises the bar for compromise and adds redundancy at once.
Can I change the threshold later?: No. The threshold is baked into the shares at split time. To change K, reconstruct the secret, destroy the old shares, and re-split with the new threshold.
What if I lose more than N-K shares?: The key is unrecoverable. That is the trade-off: distributing shares makes the key resilient against partial loss, but losing too many is permanent.
Is this OpenPGP standard?: No. Shamir's Secret Sharing is a separate cryptographic scheme; the shares are not OpenPGP packets. They are PGP Tool's own format. Reconstruct using PGP Tool (or any compatible Shamir implementation) before importing into GnuPG.
Does the tool support 1-of-N (anyone can recover)?: Yes — a 1-of-N split is just the original key copied into N independent shares. Useful for redundancy with no collusion requirement.