Is PGP Tool safe to use?

Yes. PGP Tool runs 100% in your browser — no data is ever sent to a server. All encryption and decryption happens client-side using openpgp.js. The code is open source under MIT license.

Can I use PGP Tool offline?

Yes. PGP Tool is a Progressive Web App (PWA) that works fully offline once installed. Enable air-gap mode to disable all network requests for maximum security.

What encryption algorithms does PGP Tool support?

PGP Tool supports RSA (2048–4096 bit) and ECC (Curve25519, P-384) for PGP key generation, AES-256-GCM for symmetric encryption and secure paste, and PBKDF2 with SHA-256 for key derivation.

How does the password generator work?

The password generator uses the browser's crypto.getRandomValues() API for cryptographically secure randomness. It supports random character passwords (6–128 chars) and EFF-wordlist passphrases (3–10 words). No passwords are stored or transmitted.

How does Secure Paste work without a server?

Secure Paste encodes the paste content directly into the URL fragment (after the # symbol). Optionally, content is encrypted with AES-256-GCM before encoding. The URL IS the paste — no server or database is involved.

Where does the vault live?

In localStorage under the key pgptool_vault. The contents are AES-256-GCM ciphertext keyed off your passphrase via PBKDF2.

Can I sync between devices?

Not automatically. Export the vault file from one device and import it on another — the encrypted blob is portable.

What if I forget the master passphrase?

There is no recovery. The encrypted blob is unreadable without the passphrase. Store it somewhere safe, or use Split Key on the passphrase itself for trustees-style recovery.

Is auto-lock supported?

The session decryption clears when you close the tab or switch tools. Open the vault in a fresh session and unlock again.

Does the vault back up to anywhere?

No. Use the Export button periodically to download the encrypted file and back it up yourself (cloud, USB drive, etc.). The exported file is the same encrypted blob — safe to store anywhere.

Encrypted in-browser notepad

A multi-entry vault for sensitive notes, encrypted with a passphrase, stored locally in your browser. No sync, no server — yours alone.

Encrypted Vault is a lightweight password manager / secure notepad. Each entry is AES-encrypted with a master passphrase you set; the encrypted blob lives in browser localStorage. Unlock once per session, edit and add entries, and re-lock to clear the decrypted state from memory.

Useful for: API tokens you copy-paste during local development, recovery codes, encrypted journal entries, brain-dump notes you want safe from a casual onlooker. Not a replacement for a full password manager (no sync, no shared vaults, no autofill) — but zero-config and entirely client-side.

Because the vault lives in your browser, clearing site data wipes it. Export periodically (the encrypted blob is portable across browsers) if you store anything you cannot reconstruct.

Frequently asked questions

Where does the vault live?: In localStorage under the key pgptool_vault. The contents are AES-256-GCM ciphertext keyed off your passphrase via PBKDF2.
Can I sync between devices?: Not automatically. Export the vault file from one device and import it on another — the encrypted blob is portable.
What if I forget the master passphrase?: There is no recovery. The encrypted blob is unreadable without the passphrase. Store it somewhere safe, or use Split Key on the passphrase itself for trustees-style recovery.
Is auto-lock supported?: The session decryption clears when you close the tab or switch tools. Open the vault in a fresh session and unlock again.
Does the vault back up to anywhere?: No. Use the Export button periodically to download the encrypted file and back it up yourself (cloud, USB drive, etc.). The exported file is the same encrypted blob — safe to store anywhere.