Is PGP Tool safe to use?

Yes. PGP Tool runs 100% in your browser — no data is ever sent to a server. All encryption and decryption happens client-side using openpgp.js. The code is open source under MIT license.

Can I use PGP Tool offline?

Yes. PGP Tool is a Progressive Web App (PWA) that works fully offline once installed. Enable air-gap mode to disable all network requests for maximum security.

What encryption algorithms does PGP Tool support?

PGP Tool supports RSA (2048–4096 bit) and ECC (Curve25519, P-384) for PGP key generation, AES-256-GCM for symmetric encryption and secure paste, and PBKDF2 with SHA-256 for key derivation.

How does the password generator work?

The password generator uses the browser's crypto.getRandomValues() API for cryptographically secure randomness. It supports random character passwords (6–128 chars) and EFF-wordlist passphrases (3–10 words). No passwords are stored or transmitted.

How does Secure Paste work without a server?

Secure Paste encodes the paste content directly into the URL fragment (after the # symbol). Optionally, content is encrypted with AES-256-GCM before encoding. The URL IS the paste — no server or database is involved.

Who guarantees the target time?

The Drand quorum — a set of independent organizations (Cloudflare, EPFL, UCL, etc.) jointly running the beacon. If the quorum stays honest, the decryption key cannot be derived early. If the quorum colludes, all bets are off.

Can I decrypt my own message early?

No. Time-lock encryption derives the decryption key from a future Drand value that does not exist yet, even on your machine.

What if Drand goes offline?

The decryption simply waits — the message becomes unreadable until Drand publishes the target round (or until you switch to a backup beacon). The tool defaults to drand.cloudflare.com which has very high uptime.

How precise is the timing?

Drand publishes a new round every 30 seconds on the default network. Pick any future round; the message becomes decryptable within 30 seconds of that round's scheduled time.

Does this work in air-gap mode?

Encryption yes — only the public Drand parameters are needed. Decryption requires fetching the target round's value, which needs network access. Disable air-gap mode to decrypt.

Time-lock encrypt — readable only after a future date

Encrypt a message that nobody (not even you) can decrypt until a specific UTC date. Uses the Drand distributed randomness beacon, no trusted third party.

Time-lock encryption produces ciphertext that becomes decryptable at a future moment, not a moment earlier. PGP Tool uses Drand, a distributed randomness beacon: every block, a quorum of nodes publishes a verifiable random value at a known time. The encryption key for your message is derived from a future Drand round; anyone can compute it once that round is published, but no one can compute it earlier.

Set a target date, paste your message, and the tool produces a ciphertext blob plus a small set of metadata (Drand round number, beacon network). Share the blob; nobody can read it until the target round is published. After the target time, anyone with the blob can decrypt — no recipient required.

Useful for: future announcements (cryptographic equivalent of a sealed envelope), conditional reveals (publish a prediction now, prove you didn't change it later), scheduled disclosures, or scavenger hunts.

Frequently asked questions

Who guarantees the target time?: The Drand quorum — a set of independent organizations (Cloudflare, EPFL, UCL, etc.) jointly running the beacon. If the quorum stays honest, the decryption key cannot be derived early. If the quorum colludes, all bets are off.
Can I decrypt my own message early?: No. Time-lock encryption derives the decryption key from a future Drand value that does not exist yet, even on your machine.
What if Drand goes offline?: The decryption simply waits — the message becomes unreadable until Drand publishes the target round (or until you switch to a backup beacon). The tool defaults to drand.cloudflare.com which has very high uptime.
How precise is the timing?: Drand publishes a new round every 30 seconds on the default network. Pick any future round; the message becomes decryptable within 30 seconds of that round's scheduled time.
Does this work in air-gap mode?: Encryption yes — only the public Drand parameters are needed. Decryption requires fetching the target round's value, which needs network access. Disable air-gap mode to decrypt.