Is PGP Tool safe to use?

Yes. PGP Tool runs 100% in your browser — no data is ever sent to a server. All encryption and decryption happens client-side using openpgp.js. The code is open source under MIT license.

Can I use PGP Tool offline?

Yes. PGP Tool is a Progressive Web App (PWA) that works fully offline once installed. Enable air-gap mode to disable all network requests for maximum security.

What encryption algorithms does PGP Tool support?

PGP Tool supports RSA (2048–4096 bit) and ECC (Curve25519, P-384) for PGP key generation, AES-256-GCM for symmetric encryption and secure paste, and PBKDF2 with SHA-256 for key derivation.

How does the password generator work?

The password generator uses the browser's crypto.getRandomValues() API for cryptographically secure randomness. It supports random character passwords (6–128 chars) and EFF-wordlist passphrases (3–10 words). No passwords are stored or transmitted.

How does Secure Paste work without a server?

Secure Paste encodes the paste content directly into the URL fragment (after the # symbol). Optionally, content is encrypted with AES-256-GCM before encoding. The URL IS the paste — no server or database is involved.

How is this different from public-key encryption?

Public-key uses asymmetric keys: anyone can encrypt with your public key, only you decrypt with your private key. Symmetric uses one shared secret: both sides have the same passphrase, both can encrypt and decrypt.

Will the recipient need PGP Tool?

No. The output is a standard OpenPGP message decryptable by any OpenPGP client — GnuPG, Kleopatra, ProtonMail, etc.

How do I share the passphrase securely?

Out of band: in person, over an end-to-end encrypted channel like Signal, or split across two channels. Never send the passphrase in the same message channel as the ciphertext.

Is symmetric encryption weaker than public-key?

Not inherently — AES-256 is as strong as the best public-key crypto. The weakness is operational: passphrases are typed by humans, often guessable, and anyone with the passphrase can read everything ever encrypted with it.

What if the passphrase is weak?

A weak passphrase is the whole game. Use the Password Generator to produce a strong one (24+ random characters or a 6-word EFF passphrase) and share it carefully.

Symmetric PGP encryption — passphrase only, no keys

Encrypt and decrypt messages using only a shared passphrase. No keypair, no key exchange — just a secret you and the recipient both know.

Symmetric encryption skips the public-key dance. Both sides share a passphrase out of band (in person, over a secure channel) and use it to encrypt and decrypt. Useful for one-off secrets between two people, or for protecting your own data with a memorable secret.

PGP Tool's symmetric mode uses OpenPGP's standard S2K (string-to-key) and AES-256, which means the output is interoperable with GnuPG and any other OpenPGP client. Anyone with the passphrase and any OpenPGP-compatible tool can decrypt the result.

For more aggressive password-based encryption (memory-hard Argon2id key derivation, custom envelope), see Secure Paste — it lets you choose between PBKDF2 and Argon2id explicitly.

Frequently asked questions

How is this different from public-key encryption?: Public-key uses asymmetric keys: anyone can encrypt with your public key, only you decrypt with your private key. Symmetric uses one shared secret: both sides have the same passphrase, both can encrypt and decrypt.
Will the recipient need PGP Tool?: No. The output is a standard OpenPGP message decryptable by any OpenPGP client — GnuPG, Kleopatra, ProtonMail, etc.
How do I share the passphrase securely?: Out of band: in person, over an end-to-end encrypted channel like Signal, or split across two channels. Never send the passphrase in the same message channel as the ciphertext.
Is symmetric encryption weaker than public-key?: Not inherently — AES-256 is as strong as the best public-key crypto. The weakness is operational: passphrases are typed by humans, often guessable, and anyone with the passphrase can read everything ever encrypted with it.
What if the passphrase is weak?: A weak passphrase is the whole game. Use the Password Generator to produce a strong one (24+ random characters or a 6-word EFF passphrase) and share it carefully.