PGP Encrypt · Decrypt · Generate Keys

Encrypt and decrypt messages with OpenPGP and generate Curve25519 or RSA keypairs entirely in your browser. Your messages, keys, and passphrases never leave the page.

PGP Encrypt / Decrypt / Generate Keys — Free Online (OpenPGP.js)

Free, privacy-friendly PGP tool. Encrypt and decrypt OpenPGP messages with armored public/private keys, and generate Curve25519 or RSA keypairs — all in your browser. No upload, no server, no logs.

Fonctionnalités

  • Encrypt and decrypt OpenPGP messages with armored ASCII keys — the same format GnuPG and Mailvelope use
  • Generate Curve25519 (recommended) or RSA-3072 / RSA-4096 keypairs with a Name + Email user ID and passphrase
  • Copy or download armored ciphertext and keys as .asc files — drop them straight into Thunderbird, Mailvelope, or GnuPG
  • Per-tab clear actions wipe local state so the next workflow starts clean
  • Powered by OpenPGP.js (the same library Mailvelope and ProtonMail use) — runs 100% in your browser via WebAssembly

Mode d'emploi

  1. Pick a tab. Encrypt to lock a message with someone's public key, Decrypt to unlock one with your private key, or Generate keys to create a fresh PGP keypair.
  2. Paste the armored key(s) and your message in the left panel. PGP keys start with -----BEGIN PGP PUBLIC KEY BLOCK----- (or PRIVATE KEY BLOCK).
  3. Click the action button. Copy the armored output to your clipboard or download it as a .asc file to share or store.

Conseils et bonnes pratiques

  • Set a long passphrase on your private key — without one, anyone who copies the .asc file can read all your messages.
  • Share your public key freely (post it on your website, in your email signature, or upload to keys.openpgp.org). Never share your private key.
  • When pasting an armored block, include both the BEGIN and END marker lines — OpenPGP.js looks for them.
  • If RSA key generation takes more than a minute, your tab may be deprioritized — switch to Curve25519 for an instant result.
  • Save your private key in a password manager that supports secure notes, not in plain text on disk.

FAQ

Is this PGP tool safe — are my keys or messages uploaded anywhere?

No. Everything runs in your browser using OpenPGP.js. Your plaintext, ciphertext, private keys, and passphrases never touch a server. You can confirm this by opening the browser dev tools' Network tab while you encrypt — there are no outbound requests.

Which key type should I pick when generating?

Curve25519 is the modern choice — fast to generate, small armored keys, and equivalent security to RSA 3072. Use RSA only if you need to interoperate with an old OpenPGP implementation that does not understand elliptic curves. RSA 4096 takes the longest to generate but offers the strongest compatibility margin.

What does 'armored' mean?

PGP keys and messages are binary by default. The 'ASCII armor' format wraps them in base64 between -----BEGIN PGP …----- markers so they can be pasted into emails, chat messages, and forms without corruption. This tool reads and writes only the armored format.

Why is my decryption failing with 'session key decryption failed'?

That error means the private key you provided cannot unlock the ciphertext. Usually it's because (a) the message was encrypted to a different recipient — make sure the sender used your public key, or (b) you pasted the wrong key from a keyring, or (c) the private key is passphrase-protected but you didn't enter the passphrase.

Can I sign or verify messages?

This tool focuses on encryption, decryption, and key generation. Signing and verification are a separate workflow with subtleties around detached vs inline signatures, hash algorithms, and trust models — see a dedicated signing tool, or use GnuPG or Mailvelope for that.

How big are the generated keys?

Curve25519 keys are roughly 1.5 KB armored. RSA 3072 is roughly 2.5 KB and RSA 4096 is roughly 3.5 KB. The private key is slightly larger than the public key because it carries the additional secret parameters.

Will this work if my key was generated by GnuPG or Mailvelope?

Yes — OpenPGP.js interoperates with the OpenPGP standard (RFC 4880 / 9580), which is what GnuPG, Mailvelope, ProtonMail, and Thunderbird's built-in encryption all implement. Just paste the armored key as-is.

Should I trust 'untrusted website encryption' for sensitive data?

PGP in the browser is a real-world workflow used by ProtonMail and Mailvelope, but the security depends on the page you load actually being the original one. For the highest assurance — say, leaks to journalists, or long-term key custody — use a dedicated desktop application (GnuPG, Kleopatra, GPG Suite) on a trusted computer. For day-to-day use this tool is a convenient option.

Outils associés

Password GeneratorHash GeneratorJWT Decoder & VerifierPassword Strength CheckerSecure Note SharerFile Hash VerifierJWT GeneratorCSP Header GeneratorText Encrypt/DecryptSRI Hash GeneratorX.509 / SSL Certificate DecoderIP Address FinderCSV Cleaner & NormalizerMarkdown PreviewerAPI Rate Limiting CalculatorXML ⇄ JSON ConverterCSV ⇄ JSON ConverterUnit Converter