PGP Key Generator & Encrypt / Decrypt
A browser-only PGP toolkit powered by openpgp.js, the standard reference implementation. Generate a fresh OpenPGP key pair (RSA 2048/4096 or modern Curve25519), then use the same page to encrypt messages to a recipient, decrypt messages addressed to you, or sign and verify text. All keys and plaintext stay in your browser — no upload, no server-side processing.
How to use
Enter your name, email, and a strong passphrase. Pick Curve25519 for new keys (fast), or RSA 4096 if you need maximum compatibility with older tools.
Copy or download the "-----BEGIN PGP PUBLIC KEY BLOCK-----" output. Publish it on your website, send via email, or upload to a keyserver. The public key is meant to be public.
Switch to the Encrypt tab. Paste a recipient's public key and the message. The output is a "-----BEGIN PGP MESSAGE-----" block — only the recipient (with their private key) can decrypt it.
Switch to the Decrypt tab. Paste the encrypted message, your private key, and your passphrase. The plaintext appears below.
Generate a PGP / OpenPGP key pair and encrypt or decrypt messages — entirely in your browser
🔒 Privacy
- Keys are generated by openpgp.js in your browser using crypto.getRandomValues.
- Your passphrase, private key, and plaintext never leave your device — no network call carries them.
- For maximum trust, run the page once with a connection, then disconnect before generating sensitive keys.
- Save your private key and passphrase securely; losing either makes the key unusable.
Features
FAQ
Are my keys safe?
The keys are generated and used entirely in your browser via openpgp.js. The passphrase, private key, and plaintext never leave your device. You can verify with the browser's Network tab — no requests carry sensitive data.
Which algorithm should I pick?
Curve25519 for new use: faster, smaller keys, modern security. RSA 4096 if you need to communicate with older systems that only support RSA. RSA 2048 only for legacy compatibility — newer guidelines recommend at least 3072 bits.
Can I import my existing key?
Yes. On Encrypt / Decrypt / Sign / Verify tabs, paste your existing OpenPGP key block. The page does not save it — only uses it for the current operation.
What if I forget my passphrase?
The private key becomes unusable. There is no recovery — that's the point of strong encryption. Save the passphrase in a password manager when you generate the key.
Is this compatible with GnuPG / Thunderbird / ProtonMail?
Yes. openpgp.js produces standard RFC 4880 OpenPGP messages. They can be decrypted by GnuPG, Thunderbird's OpenPGP, Kleopatra, ProtonMail, and any other compliant tool.
Why does Curve25519 generate instantly while RSA 4096 takes 10+ seconds?
RSA needs to find two large random primes — a sampling-and-testing process that takes time. Curve25519 just picks a random integer in a known range; no primality test required.
We can — and it's free! Just send us a quick message with your idea. If you'd like to discuss it in detail, leave your email and we'll get back to you. You can stay anonymous.
